- 


I.T.  GOVERNANCE 

It’s  not  about  processes;  it’s  about 
recruiting  the  right  people 

Page  32 


FFING  CRISIS 


You  Need 


w  to  HooktheTalent 


Page  40 


The  pool  is  shallow. 

The  competition  is  fierce. 


BY  STEPHANIE  OVERBY 


BUSINESS  TECHNOLOGY  LEADERSHIP 


THE  MID-MARKET 
SUPPLY  CHAIN 

Mitigating  the  risks  and 
leveraging  the  efficiencies 
of  hosted  software 

Page  60 


CIO 


SrS&mtJSil-  leqHTe,PUpChf^0f  m°re  ,han  0ne  P^d^tes^ement  these  capabilities  an/may  not  be  available  on  pictured  Deduct.  IBM  the  IBM . 

gnd/o^other countries’  Other comoanv  DroductTndte601/^8  °f  of  Internatighal  Business  Machines  Corporate  If  the  United  States 

company,  product,  and  service  names  rfey  be  tradStmcfcsorservice  mferks  of  others.  ©2006  IBM  Corporation  All  rights  reserve^ 


.INFRASTRUCTURE  LOG 

_DAY  45:  These  underutilized  storage  boxes  have  proliferated 
exponentially.  Their  inability  to  share  capacity  has 
doomed  us.  We’re  trapped  in  a  maze  of  our  own  creation. 

_DAY  47:  I  tried  to  give  Gil  a  boost  over  this  wall,  but 
he  pulled  a  hammie. 

_DAY  48:  I’ve  taken  back  control  with  IBM  System  Storage™ 
Its  SAN  Volume  Controller  puts  my  entire  storage  universe 
into  a  simple,  virtualized  pool.  And,  unlike  EMC,  IBM 
has  fourth-generation  virtualization  technology  and  over 
2,000  customers.  I’m  seeing  results. 

.Productivity  is  up.  Utilization  is  up.  I.T.  guys  lost  in 
mazes  of  data  is  down. 


Dell  recommends  Windows®  XP  Professional 


NEW  DELL™  LATITUDE™ 
D620  NOTEBOOKS 
FOR  BUSINESS  FEATURE 
THE  RELIABILITY  OF  INTEL® 
CENTRINO®  DUO  MOBILE 
TECHNOLOGY. 


PURE  PRIVACY 


The  built-to-order  fingerprint  reader  inside  the  new 
Dell  Latitude  D620  adds  a  personal  layer  of  security 
to  help  keep  your  notebook  locked  down.  And  the 
comprehensive  software  suite  uses  cutting-edge 
encryption,  so  your  businesses'  secrets  can  stay  secret. 
That's  the  direct  path  to  success.  That's  pure  Dell. 


Centrino^. 

Duo  WP 


www.dell.com/secure/ciomag 


PURE 


1.877.517.DELL 


.  !■  ■  <  aoi-pt  he  responsible  for  errors  in  typography  or  photography.  Dell,  the  Dell  logo  and  Latitude  are  trademarks  of  Dell  Inc.  Intel,  Intel  logo,  Intel  Inside,  Intel  Inside  logo,  Centrino  and  the  Centrino  loqo  are  trademarks  nr  rpnistpnxl 
’’.'•'T'  n  Hi  -orPOf3tion  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries 


©  T'!uS  Dell  Inc.  All  rights  reserved. 


40  How  to  Hook  the  Talent  You  Need 

cover  storv  |  staffing  Things  to  do  today  and  tomorrow  to  keep 
your  evolving  IT  department  stocked  with  the  best  and  most  useful 
employees.  By  Stephanie  Overby 

56  The  CIO-CSO  Partnership 

security  Where  do  the  boundaries  between  IT  and  security  begin  and 
end?  Who’s  responsible  for  what?  How  do  you  decide?  When  it  works,  the 
relationship  between  CIO  and  CSO  can  be  a  beautiful  thing. 

By  Michael  Goldberg 

60  Meet  Your  New  Host 

mid-market  Supply  chain  software  has  been  considered  too  risky  and 
important  to  be  hosted  by  outsiders.  That  is,  until  you  consider  the  risks 
and  expense  of  installing  and  supporting  it  yourself.  By  Meridith  Levinson 


28  Tracks  in  the  Snow 

metrics  IT  projects  are  usually  judged 
successes  or  failures  when  they  go  live.  But 
look  back  and  you  will  see  the  real  judgment 
comes  later— and  that  requires  a  new  set  of 
value  criteria.  By  R.  Ryan  Nelson 


32  Everyone  Gets  to  Play 
governance  Good  IT  governance  is  not 
about  committees,  processes,  forms  and  pro¬ 
cedures.  It’s  about  involving  as  many  people 
as  possible.  And  then  it’s  IT’s  job  to  support 
them.  By  Lynne  H.  Vogel 


1K/I~ 


K/  ‘  w 

I*’*  tt 


36  Value?  Added. 
i.t.  value  How  CIOs  can  engineer  a 
“tipping  point”  to  speed  up  adoption  of  value 
management  practices  and  prove— once  and 
for  all— that  IT  matters.  By  Susan  Cramm 


more  » 


www.cio.co 


SEPTEMBER  1,  2006  |  VOL/19  |  NO/22 


Columns 


COVER  ILLUSTRATION  BY  BORIS  KULIKOV 


MBER  1.  2006  3 


You’re  finally  getting  your  enterprise 
information  under  control. 

NOW,  YOUR  MOBILE  USERS  WANT 
TO  ACCESS  IT  ON  ANY  DEVICE. 


When  businesses 
get  serious  about 

INFORMATION 

MOBILITY 

they  get  Sybase. 


Ready  to  get  serious  about  mobilizing  your  enterprise?  Choose  the  company  that  81  of  Fortune  100  organizations 
rely  on  to  securely  deliver  decision-ready  information  to  the  point  of  action  while  givingyou  the  IT  control  you  need: 
Sybase.  Leveraging  proven,  industry-leading  software,  our  powerful,  new  Information  Anywhere®  Suite  provides 
modular  components  for  email/PIM,  heterogeneous  device  management  and  security,  and  enterprise  application 
enablement.  So  if  you're  ready  to  make  the  Unwired  Enterprise  a  reality,  Sybase  can  help  you  deliver  some  serious 
results. To  learn  more,  visit  www.sybase.com/getserious2 


Copyright  ©2006  Sybase,  Inc.  All  rights  reserved.  Sybase,  the  Sybase  logo,  and  Information  Anywhere  are  trademarks  of  Sybase,  Inc. 
®  indicates  registration  in  the  United  States  of  America.  All  product  and  company  names  are  trademarks  of  their  respective  owners. 


Sybase 


IT  is  changing  and  therefore  the  story 
our  magazine  tells  is  changing  too. 

By  David  Rosenbaum 

10  From  the  Publisher 

Your  most  important  communication 
tool  is  on  your  desk.  By  Gary  Beach 

15  Trendlines 

p  Disaster  plans  post-Katrina 
p  Cheaper  chips  through  the  power 
of  light 

p  First  phishing,  now  vishing 
►  Computer  education’s  failing  grade 
p  Mapping  for  IT  success 
p  Flag  your  waiter  wirelessly 
p  Smarter  IT  service  delivery 
p  Bank  of  New  York  makes  CIO 
innovation  chief 

23  Essential  Technology 

Really  Simple  Syndication  can  improve 
business  processes  and  help  over¬ 
whelmed  employees  better  manage 
information.  By  Galen  Gruman 

66  Index 
68  Endlines 

Real-Life  IT  Awards 

By  Scott  Kirsner 


Fishing  for  Talent 

For  the  second  year  in  a  row,  a  majority  of  IT 
leaders— two-thirds,  in  fact— say  their  staffs 
are  stretched  too  thin,  accordingtoC/O’s 
“2006  Midyear  IT  Staffing  Update.”  Read  the 
overview  tofind  out  what  CIOs  are  doing  to 
retain  and  motivate  employees  in  the  face 
of  a  looming  talent  shortage.  Then  download 
thefull  reporttodrill  into  the  details. 


))  www.cio.com/090106 


[BLOGS] 

I’M  FROM  IT. 

AND  I’M  HERETO  HELP 

Whatever  happened  to  common  courtesy? 
Open-source  pundit  Bernard  Golden 
describes  a  disturbing  conversation  and 
its  implications foropen  source. 

blogs.cio.com/node/392 

REAL-TIME  WAR  VS. 
REAL-TIME  BUSINESS 

Mike  Hugos  moves  beyond  the  sometimes 
flippant  waranalogies  used  in  business 
every  day  and  looks  for  rea  I  lessons  that 
combat  can  teach  corporations— whi  le 
expressinga  hope  that  the  skills  learned 
in  war  might  soon  be  turned  to  more 
constructive  pursuits. 

blogs.cio.com/node/395 


CIO  executive  coach  John 
Baldoni  provides  advice 
on  getting  ready  for  those 
critical  presentations. 
Find  this  and  more  career 
tips  at  www.cio.com/ 
podcasts/coach_casting 
.html. 


MAKE  YOUR  POINT 


mm 


CIO. 

com 


l 


»  Blogs:  CIO  editors’  insights  and  analysis 
»  Tech  Informer:  The  latest  product  updates 
»  Microsoft  Informer:  What’s  Redmond  up  to  now? 

»CIO  News  Alerts:  Business  and  technology  news  you  need  to  know 


6  SEPTEMBER  1,  2006  |  www.cio.com 


WHATEVER  CHOICE  YOU  MAKE,  YOU’RE  TOAST 


lose  money 


lose  customers 


I  You  know  that  the  only  way  to  succeed  is  by  serving  your  experience  at  a  time.  We’ve  enabled  more  than  a  billion 

customers  better.  But  what  organization  can  afford  to  successful  customer  interactions  for  our  clients  in  every 

throw  endless  dollars  at  improving  the  customer  major  industry.  Chances  are,  we  can  help  you,  too. 

experience?  With  RightNow,  you  don’t  have  to  make  a 

deal  with  the  devil.  Find  out  why  RightNow  leads 

in  client  satisfaction.  Download 
RightNow  provides  a  breakthrough  solution  that  lets  you  your  free  executive  summary  of 

enhance  your  customer  experience  while  reducing  costs.  CRMGuru’s  Solutions  Guide  at 

By  delivering  knowledge  at  every  customer  touchpoint,  www.rightnow.com/toast  or  call 

RightNow  helps  you  grow  your  business,  one  customer  us  toll-free  at  1.877.363.5678.  TECHNOLOGIES 


w  r  ' 

FROM  THE  EDITOR 

I _ , _ 

Our  Story 


IT  is  changing  and  therefore 
the  story  our  magazine  tells  is 
changing  too 


Good  magazines,  successful  magazines,  no  matter  what  their  ostensible  subject, 
are  driven  by  an  underlying  theme,  a  meta-story.  Without  that  conceptual  foundation, 
a  magazine  becomes  a  mere  collection  of  articles,  an  anthology  rather  than  a  novel. 

In  the  ’50s,  Playboy’ s  meta-story  was  the  loosening  hold  of  Puritanism  on  America. 
In  the  ’60s,  Rolling  Stone’s  theme  was  youthful  rebellion  against  aging  authority.  The 
booming  economy  of  the  ’80s  inspired  Esquire  to  infuse  consumption  with  sophis¬ 
tication,  while  Inc.  celebrated  the 
rise  of  the  entrepreneur.  In  the  early 
days  of  the  Internet,  magazines 
like  Wired  and  Fast  Company  and 
Industry  Standard  were  all  about 
revolution.  Anything  new  was,  by 
definition,  good;  everything  old  was 
simply.. .hopeless. 

These  themes  informed  every  article  those  magazines  ran,  dictated  their  design 
and  determined  their  presentation.  The  magazine’s  success  depended  on  how  well 
its  meta-story  reflected  its  readers’  dreams  and  realities. 

But  as  times  change,  so  must  the  meta-story.  If  it  doesn’t,  the  publication  becomes 
irrelevant.  To  wit.  Playboy  is  no  longer  a  cultural  leader;  Industry  Standard  is  just  a 
lingering  memory  on  the  Web. 

CIO,  thankfully,  is  still  here  because  it  always  has  been  designed  to  reflect  its  read¬ 
ers’  reality.  Consequently,  our  meta-story  has  gone  through  several  changes. 

In  the  beginning,  when  the  CIO  role  was  new,  our  meta-story  was  about  gaining 
respect.  CIOs  were  trying  to  change  their  image  from  the  guy  who  fixed  the  comput¬ 
ers  to  a  C-level  executive  with  broad  enterprise  responsibilities.  Accordingly,  we  cel¬ 
ebrated  CIO  accomplishments;  we  cheered  each  and  every  success,  even  when  they 
were  (frankly)  pretty  small. 

When  the  Internet  bubble  burst,  our  meta-story  changed.  We  emphasized  running 
IT  like  a  business.  We  ran  articles  about  communicating  IT  value,  about  how  to  cut 
costs.  We  warned  CIOs  against  complacency;  we  argued  for  managerial  rigor. 

Today,  the  story  has  changed  again.  Computing  is  moving  from  the  enterprise 
server  and  the  desktop  to  the  Web;  applications  are  turning  into  services;  and  the 
nature  of  the  CIO’s  job  is  moving  from  a  technology  role  to  a  business  function  even 
as  the  IT  department  morphs  from  a  reactive  provider  of  services  to  a  proactive  driver 
of  top-line  growth.  Our  new  meta-story  is  about  transformation. 

To  that  end,  this  issue’s  cover  story  is  “How  to  Hook  the  Talent  You  Need”  (Page 
40)  by  Senior  Editor  Stephanie  Overby.  It  describes  the  changes  IT  is  undergoing,  and 
it  tells  you  five  things  you  can  do  today  and  five  things  you  can  do  tomorrow  to  hire 
the  enterprise  architects,  business  analysts,  developers  of  services  and  managers  of 
business  processes  that  this  new  paradigm,  this  new  story,  demands. 

Our  success  is  based  on  how  well  we  reflect  your  reality,  so  let  us  know  how  we’re 
doing.  We  want  to  be  around  the  next  time  your  story  changes.  And  it  will. 


drosenbaum(a)cio.com 


Computing  is  moving  from  the 
desktop  to  the  Web,  applications 
are  turning  into  services,  and 
the  IT  department  is  morphing. 
Our  new  meta-story  is  about 
transformation. 


8 


SEPTEMBER  1,  2006 


www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


The  cost 
of  getting 

bigger 
just  got 
smaller. 

You  need  more  storage.  You  don't  need  more  fees  or  systems  to 
manage.  The  Pillar  Axiom™  storage  system  lets  you  add  performance 
and  capacity  over  300  TB  per  system,  without  multiple  software 
license  fees.  It  empowers  you  to  manage  data  on  multiple  tiers, 
whether  in  SAN,  NAS  or  both,  through  one  simple  user  interface. 
Because  Pillar  delivers  top-tier  performance  and  capacity,  often  for 
less  than  what  many  companies  pay  just  to  maintain  and  operate 
their  storage  systems,  it  can  really  improve  your  bottom  line. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 
owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Call  1-877-252-3706  orvisitwww.pillardata.com/smaller 

Learn  the  truth  about  networked  storage. 


BUSINESS  TECHNOLOGY  LEADERSHIP 


FROM  THE  PUBLISHER 


Can  You  Hear 
Me  Now? 

Your  most  important  communication  tool  is  on  your  desk 

Recently,  I’ve  been  asking  CIOs  this  question:  What’s 
your  most  powerful  communications  device? 

Most  select  their  e-mail-enabled  cell  phones. 
Some  choose  their  desktop  or  notebook  computers. 
But  those  answers,  in  my  opinion,  reflect  how  much 
the  device  is  used,  not  its  power. 

For  me,  the  good  old-fashioned  office  telephone  is 
the  champ.  And  it’s  bound  to  get  even  more  powerful 
as  VoIP-enabled  phones  begin  to  proliferate. 

CIOs  who  disagree  with  me  (and  most  do)  point  to 
their  cell  phone’s  agility  and  flexibility.  On  that,  I’ve  gotta  agree.  It’s  hard  to  attach  a 
desktop  phone  to  your  hip  or  bring  it  in  your  car.  And,  granted,  the  cell  phone  does 
do  a  good  job  of  helping  us  keep  in  touch.  Calls  made  on  office  phones,  however,  allow 
for  a  fuller  exchange  of  ideas.  You  talk  longer  because  the  sound  quality  is  vastly 
superior.  When  was  the  last  time  you  had  to  ask,  “Can  you  hear  me  now?”  from  an 
office  phone? 

Not  convinced? 

Answer  me  this:  If  you  had  the  chance  to  close  a  million-dollar  deal,  and  you  had 
a  choice,  would  you  use  your  cell  phone  or  your  office  phone? 

Convinced  now? 

So  make  a  list  each  Monday  morning  of  five  people— employees  doing  great  work, 
important  partners,  key  prospects— and  write  down  each  person’s  telephone  number. 
Vow  by  Friday  to  call  each  one,  leveraging  the  power  of  your  office  phone. 

CIOs  claim  that  good  communication  is  the  key  to  their  success.  Try  using  your 
office  phone  more.  I  guarantee  you  it  will  increase  the  power  of  your  calls. 


Gary  Beach,  Publisher 

gbeach(2)cio.com 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 

CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 
general  manager  Mark  Hall 
program  director  Shaw  Lively 
vp,  development  Dexter  Siglin 
managing  dir.,  content  development  Richard  Pastore 
dir.,  external  relations  Karen  Fogerty 
director  of  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
MGR.  OF  OPERATIONS  AND  PROJECT  MGMT.  Jean  Costello 
DIRECTOR  OF  RELATIONSHIP  MANAGEMENT  Steve  Rovniak 
PROGRAM  SERVICES  MANAGERS 

Michael  Fahlsing,  Ellen  Friedman.  Bill  Golden, 
Carrie  Mathews.  Bill  Roche 

DEVELOPMENT  MANAGERS 

Patrick  Clarke.  Lauren  DeLong,  Steve  Dodman, 
Robert  Graham,  John  Harrison 

EXECUTIVE  PROGRAMS 
vp.  executive  programs  Ellen  Daly 

DIRS.,  BUSINESS  DEVELOPMENT 

Chris  Mattoon,  John  Vulopas 

conference  manager  Judith  Kittredge 
event  planner  Sarah  Yee 
client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 

ONLINE 

vp,  gm  online  Martha  Connors 

senior  i.t.  architect  Srinivas  Dutta 

ONLINE  PRODUCERS 

Bill  Hall,  Jennifer  McCarthy,  Joe  Nguyen 
multimedia  producers  Lisa  Boles,  Gregg  Linde 

online  advertising  specialist  Irina  Gabechiia 

INFORMATION  SYSTEMS 

idg  dir.  of  information  services  Nancy  Newkirk 
lead  developer  Sean  McCracken 
senior  user  support  specialist  Christopher  A.  Kay 
user  services  specialist  Gloria  Lam 
senior  web  developer  David  Cohen 
web  developer  Sanghee  Seo 

PRODUCTION 

vp,  manufacturing  Chris  Cuoco 
production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

SR.  DIRECTOR,  MARKETING  COMM.  Sue  YanOVitch 

sr.  marketing  comm,  specialist  Susan  Maloney 
marketing  comm,  specialist  Lynn  Holmlund 

RESEARCH 

research  director  Lorraine  Cosgrove  Ware 

research  manager  Carolyn  Johnson 

ADMINISTRATION 

coo  Matt  Smith 

dir.,  finance  Margarita  Chiango 

FINANCIAL  ANALYST,  ONLINE  AND  INTEGRATED  PRODUCTS 

Chris  Bernardi 

executive  assistant  to  the  president  Diane  Martin 
billing  specialist  Joyce  Gillis 
facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 
sr.  hr  representative  Beth  S.  Ramistella 


Y 

CXO\MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

*BPA 


10 


SEPTEMBER  1,  2006 


www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


Internal  Audit 


Business  Risk 


Technology  Risk 


TRUTH  BE  TOLD, 

WE  WORK 

HALF  AS  HARD 

AS  OUR  COMPETITORS 

ON  ERP  ASSESSMENTS. 


We  just  don’t  need 
to  pour  our  time 
(and  your  money) 
into  assessing  your  ERP  system 
the  way  the  competition  does. 

That’s  because  at  Protiviti, 
we’ve  developed  proprietary 
tools  (and  strategic  relationships  with  the  likes  of 
Oracle®,  PeopleSoft®  and  SAP®)  that  make  our 
assessment  process  incredibly  efficient.  We  can 
quickly  move  on  to  value-added  tasks  such  as 
helping  you  automate  your  controls.  In  many 
cases,  our  Applications  Controls  Effectiveness 


(ACE)  solutions  can  eliminate  50 
percent  of  your  manual  controls, 
netting  you  significant  savings. 
What’s  more,  automating  your 
controls  can  enable  continuous 
monitoring  of  your  ERP  system 
and  improve  the  reliability  of 
your  Sarbanes-Oxley  compliance  efforts.  Now 
those  are  the  kind  of  things  we  do  believe  in 
working  on  really  hard. 

For  a  complimentary  copy  of  our  new  publication, 
Guide  to  the  Sarbanes-Oxley  Act:  Managing  Application 
Risk  and  Control,  visit protiviti.com/ ACE. 


Know  Risk.  Know  Reward.1'1 


©  2006  Protiviti  Inc.  An  Equal  Opportunity  Employer.  Oracle  and  PeopleSoft  are  registered  trademarks  of  Oracle  Corporation.  SAP  is  a  registered  trademark  of  SAP  AG.  All  marks  are  the  property 
of  their  respective  owners.  Protiviti  is  not  licensed  or  registered  as  a  public  accounting  firm  and  does  not  issue  opinions  on  financial  statements  or  offer  attestation  services.  0506-9014 


BUSINESS  TECHNOLOGY  LEADERSHIP 


WHAT  WE  COVER,  WHOM  TO  CONTACT 


CIO  CAREER 

■  Skills 


president  and  ceo  Michael  Eriedenberg 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 

EXECUTIVE  EDITORS 

Christopher  Koch,  Eiana  Varon 

WASHINGTON  BUREAU  CHIEF 

Allan  Holmes 

TECHNOLOGY  EDITOR 

Laurianne  McLaughlin 

SENIOR  EDITORS 

Stephanie  Gelston,  Stephanie  Overby 

SENIOR  WRITERS 

Meridith  Levinson, 

Thomas  Wailgum,  Ben  Worthen 

CONTRIBUTORS 

Susan  Cramm,  Michael  Goldberg,  Grant  Gross, 
Galen  Gruman,  Scott  Kirsner,  R.  Ryan  Nelson, 
James  Niccolai,  Susannah  Patton,  Lynne  H.  Vogel 

EDITORIAL  ADMINISTRATOR 

Jill  Paquette 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Matthew  Goebel,  Chandra  Tallman 

COPY  TEAM 

ASSISTANT  MANAGING  EDITOR 

Emily  S.  Henderson 

SENIOR  COPY  EDITORS 

Diann  Daniel,  Cathy  Mallen 

COPY  EDITOR 

Susan  Bryant-Still 

EDITORIAL  ASSISTANTS 

Margaret  Locher,  Christopher  Lynch, 
Katherine  Walsh 

ONLINE  EDITORIAL 

TECHNOLOGY  EDITOR 

Christopher  Lindquist 

WEB  EDITORS 

Sandy  Kendall,  Paul  L.  Kerstein 

ONLINE  NEWS  WRITER  Al  SaCCO 
online  copy  editor  David  Gradijan 

RESEARCH 

RESEARCH  DIRECTOR 

Lorraine  Cosgrove  Ware 

RESEARCH  MANAGER 

Carolyn  Johnson 

CXO  MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 
BOARD  CHAIRMAN  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carngan 


©CXO  Media  Inc. 


■  Job  Specs 

■  Career  Path 

■  Professional  Development 

■  Personal  Development 

Stephanie  Gelston,  sgelston@cio.com 
Meridith  Levinson,  mlevinson@cio.com 

LEADERSHIP  &  MANAGEMENT 

■  Governance  &  Alignment 

■  Budget  Management  &  IT  Value 

■  Business  Process  Redesign 

■  Management  Methodologies 

■  Project  Management 
Christopher  Koch,  ckoch@cio.com 
Eiana  Varon,  evaron@cio.com 

SOURCING  &  STAFFING 

■  Staffing 

■  Vendor  Management 

Stephanie  Gelston,  sgelston@cio.com 
Stephanie  Overby,  soverby@cio.com 

RISK  MANAGEMENT 

■  Security 

■  Business  Continuity 

■  Compliance 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 


ENTERPRISE 

INFRASTRUCTURE 

■  Enterprise  Architecture,  SOA 

■  Middleware 

■  Enterprise  Resource  Management  (ERP) 

■  Supply  Chain  Management  (SCM) 

■  B2B  Electronic  Commerce 

Christopher  Koch,  ckoch@cio.com 
Thomas  Wailgum.  twailgum@cio.com 
Ben  Worthen,  bworthen@cio.com 

CUSTOMERS 

■  Customer  Resource  Management  (CRM) 

■  B2C  E-Commerce 

■  Business  Intelligence 

■  Privacy 

Allan  Holmes,  aholmes@cio.com 

TECHNOLOGY 

■  Emerging  Technology 

■  Networking  &  Communications 

■  Data  Center 

■  Storage 

■  Hardware 

■  Wireless/Mobility 

■  Knowledge  Management 
Christopher  Lindquist,  clindquist@cio.com 
Laurianne  McLaughlin,  lmclaughlin@cio.com 
Thomas  Wailgum,  twailgum@cio.com 

GOVERNMENT 

Allan  Holmes,  aholmes@cio.com 


COLUMN  &  DEPARTMENT  CONTACTS 

Applied  Insight 

Martha  Heller 

Christopher  Koch,  ckoch@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Book  Reviews 

Michael  Schrage 

Laurianne  McLaughlin,  lmclaughlin@cio.com 

Abbie  Lundberg,  lundberg@cio.com 

By  the  Numbers 

On  the  Move 

Laurianne  McLaughlin,  lmclaughiin@cio.com 

Meridith  Levinson,  mlevinson@cio.com 

Endlines 

Peer  to  Peer 

David  Rosenbaum,  drosenbaum@cio.com 

Eiana  Varon,  evaron@cio.com 

Essential  Technology 

Susan  Cramm 

Laurianne  McLaughlin,  imclaughlin@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Forum 

Total  Leadership 

David  Rosenbaum,  drosenbaum@cio.com 

Eiana  Varon,  evaron@cio.com 

InBox 

Trendlines 

Cathy  Mallen,  cmallen@cio.com 

Laurianne  McLaughlin,  lmclaughlin@cio.com 

Keynote 

Eiana  Varon,  evaron@cio.com 

e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 
492  Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com 
subscriber  services  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com 
reprint  services  Jennifer  Eclipse  •  PARS  International  •  212  221-9595  ext.  237  •  E-mail  jeclipse@parsintl.com 
rights  and  permission  Yadira  Pizarro  •  212  221-9595  ext.  231  •  E-mail  yadira@parsintl.com 


•'BPA 


NllltVIlt 


12  SEPTEMBER  1,  2006  |  www.cio.com 


THE  ESSENTIAL  ELEMENTS  OF 

IT  GOVERNANCE 


Strategy 


Leadership 


Compuware 

Changepoint 


Even  the  most  effective  strategy  and  leadership  need  the  right  data  to  support  them.  Compuware  Changepoint 
provides  the fundamental  components for  better  decision-making.  While  Changepoint  automates  key  organizational 
processes,  you  get  an  integrated  dashboard  view  of  IT  costs,  effort  and  value  with  the  power  to  drill  down  for 
details.  Hard facts  delivered  on  demand — now  that’s  putting  true  IT  insight  in  the  palm  of  your  hand. 


f  Compuware 

<D  Changepoint' 


Discover  the  “Total  Economic  Impact”  of  implementing  IT  Governance. 

Download  the  latest  Compuware-commissioned  case  study  conducted  by 
Forrester  Consulting  at  www.compuware.com/Changepoint/ROI3.  Or,  visit 
us  at  http://www.compuware.com/it-governance/. 


COMPUWARE. 


TO  KNOW 

SAS  SOFTWARE 


BUSINESS  * 
INTELLIGENCE 

Better  answers,  faster. 


ENTERPRISE  INTELLIGENCE  PLATFORM 

DATA  INTEGRATION 

INTELLIGENCE  STORAGE 

BUSINESS  INTELLIGENCE 

ANALYTICS 


Challenged  with  balancing  efforts  to  support  strategic  initiatives  while  still  lowering  operational 
costs?  SAS  takes  you  beyond  traditional  Bl  query  and  reporting  to  a  higher  level  of  shared 
decision  making  that  drives  innovation.  Our  fully  integrated  Enterprise  Intelligence  Platform  sets  the 
foundation,  linking  technologies  for  data  integration  and  storage,  reporting  and  analysis.  Proven 
software,  industry-specific  solutions  and  domain  experience  extend  the  value  of  your  investment. 
Bridging  the  gap  between  what  you  have  -  growing  expectations  to  deliver  a  return  on  investment 
-  and  what  you  want  to  achieve  -  increased  profits,  reduced  risk  and  improved  performance. 

Want  Proof?  Find  out  why  SAS  is  at  work  in  96  of  the  top  100  companies  on  the  FORTUNE 
Global  500®  —  with  customer  retention  rates  exceeding  98%  annually  for  30  years. 

\  www.sas.com/innovation  m  Free  white  paper 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective 
companies.  ©  2006  SAS  Institute  Inc.  All  rights  reserved.  378042US.0406 


EDITED  BY  LAURIANNE  McLAUGHLIN  NEW  *  HOT  *  UNEXPECTED 


j 

i 


! 


Katrina  Plus  One: 

DisasterPlans  Stress  Communication 


disaster  recovery  A  year  has  passed,  but  Aug.  29,  2005, 
remains  a  fresh  memory  for  Mississippi  Power  CIO  Aline  Ward: 

As  Hurricane  Katrina  slammed  the  Gulf  Coast,  Ward  scrambled  to 
keep  communication  lines  open  from  a  command  center  in  the  util¬ 
ity’s  Gulfport  plant.  Because  this  storm  center  was  located  several 
miles  inland,  Ward  thought  equipment  would  be  safe  from  flood¬ 
ing.  “We  were  on  the  second  floor,  but  soon  the  water  started  to  rise 
and  come  inside  the  building,”  recalls  Ward.  Working  in  the  dark, 
Ward  and  her  IT  colleagues  piled  sandbags  against  the  door  and 
bailed  water  from  the  room  to  keep  radio  communications  equip¬ 
ment  up  and  running. 

The  result?  Ward  kept  one  radio  system  running  throughout  the 
storm  and  its  aftermath,  while  her  IT  department  worked  through 
the  night  and  logged  18-hour  days  for  more  than  a  week  after  the 
storm  to  help  restore  power  to  195,000  customers  who  could 
safely  receive  it  in  23  counties  throughout  southeastern  Missis¬ 
sippi.  Many  of  the  employees— including  Ward— lost  their  homes 
to  Katrina.  “The  personal  side  was  huge,”  Ward  says,  noting  that 
many  employees  still  don’t  have  homes  and  that  all  corporate  offices 
remain  located  in  trailers  or  one  of  five  temporary  buildings,  all  of 
which  IT  had  to  quickly  equip. 

Continued  on  Page  16 


Cheaper  Chips  Through  the  Power  of  Light 


MICROPROCESSORS 

Could  ultraviolet  light  lead 
to  lower-cost  microproces¬ 
sors  and  then  to  lower-cost 
PCs?  It  might,  if  a  U.K. 
research  project  pans  out. 
Researchers  at  University 
College,  London,  have 
found  a  way  to  use  UV  light 
instead  of  energy-hungry 
blast  furnaces  to  create  the 
important  silicon  dioxide 
insulation  layer  on  PC  chips. 


Creating  a  film  of  silicon 
dioxide  on  silicon  wafers  is  an 
important  stage  in  chip  man¬ 
ufacturing:  This  film  serves 
as  the  insulating  layer  into 
which  chipmakers  etch  elec¬ 
trical  circuits,  among  other 
functions.  Chipmakers  today 
bake  silicon  wafers  in  fur¬ 
naces  at  up  to  1,000  degrees 
centigrade  to  construct  this 
silicon  dioxide  layer  quickly. 

The  U.K.  researchers  have 


made  the  process  work  by 
using  energy-efficient  UV 
lamps,  providing  a  cleaner 
and  significantly  less  expen¬ 
sive  solution.  Set  to  the  right 
wavelengths,  UV  lamps  can 
create  the  silicon  dioxide 
layer  at  room  temperature, 
the  researchers  say. 

Much  testing  remains, 
so  it  could  be  several  years 
before  the  technology  is 
ready  for  commercial  use, 


says  Ian  Boyd,  the  project 
leader  and  chair  of  electronic 
materials  at  the  university’s 
Department  of  Electronic 
and  Electrical  Engineering. 
Some  chip  manufacturers 
have  expressed  interest  in 
the  research  work,  Boyd  says, 
but  chipmakers  are  famously 
conservative  about  making 
changes  to  their  manufactur¬ 
ing  processes. 

-James  Niccolai 


PHOTO  BY  ANDREA  GINGERICH/ISTOCKPHOTO 


www.cio.com  |  SEPTEMBER  1,  2006  15 


s 

5  security  Now  that  identity  thieves  have  almost  perfected  phishing, 

Q  they’ve  moved  on  to  “vishing”:  Scammers  are  using  voice-over-IP  (VoIP)  tele- 

z  phone  numbers  to  trick  people  into  revealing  credit  card  and  bank  information, 

u 

k  says  Paul  Henry,  vice  president  at  Secure  Computing.  The  Internet  security 
software  maker  has  seen  just  four  vishing  scams  to  date,  but  expects  the  prac¬ 
tice  to  “explode,"  Henry  says. 

In  phishing  schemes,  scammers  send  e-mail  that  looks  like  it  comes  from  a 
bank,  credit  card  company  or  PayPal.  The  e-mail  typically  says  the  recipient’s 
account  has  been  compromised  and  needs  information  confirmed,  and  includes 
a  link  to  an  official-looking  site.  In  “vishing,”  identity  thieves  ask  people  to  call 
a  phone  number  attached  to  a  VoIP  account.  Such  accounts  can  be  obtained 
easily  online  through  services  like  Skype  or  retailers  such  as  Vonage  reselling 
VoIP  products,  Henry  says. 

In  one  vishing  case,  scammers  targeted  PayPal  users  by  including  a 
telephone  number  in  an  e-mail.  In  another  case,  criminals  used  an  automatic 
dialerto  call  potential  victims  and  play  a  recordingthat  warned  of  fraudu¬ 
lent  credit  card  activity.  The  recording  asked  people  to  call  a  number  (with  a 
spoofed  caller  ID)  and  confirm  personal  data. 

Unfortunately,  at  this  point  there's  not  much  CIOs  can  do  to  protect  their 
companies'  employees  and  customers  from  being  vished,  Henry  says.  It  would 
be  smart  to  alert  your  company’s  employees  and  your  call  center  reps  who 
interact  with  customers  to  the  vishing  trend,  though.  Reps  can  instruct  custom¬ 
ers  to  hang  up  on  a  suspicious  automated  call  and  instead  call  the  number  listed 
on  the  credit  card  or  bank  statement.  -Grant  Gross 


First  Phishing,  Now  Vishing 


Gotta  Have  a 


35 


of  laige  companies  plan 
to  launch,  upgrade  or  replace  weblog 
authoring  systems  in 2006. 


•  A 


, r-  S 


already  publish  internal 
or  external  blogs. 


\  -,r  • 


SOURCE:  JupiterResearch  survey  of  251  companies  with  $50  million  or  more  In  revenue 


Continued  from  Page  15 


The  most  important  lesson  Ward  learned 
during  Katrina:  Communication  with 
employees  is  critical  to  getting  an  IT  depart¬ 
ment  and  a  company  back  on  its  feet.  Before 
the  storm,  her  department  owned  five  satel¬ 
lite  phones  (important  in  disaster  situations 
since  cell  phones  often  don’t  work);  but  they 
were  older  models,  and  proved  to  be  heavy 
and  cumbersome  to  use.  For  a  period  of 
several  days  following  Katrina,  for  example, 
Ward  talked  with  her  employees  via  radio 
communications.  Now  the  company,  which 
is  a  unit  of  Southern  Co.,  owns  74  new, 
smaller  satellite  phones  assigned  to  key 
locations. 

Before  Katrina  hit,  Mississippi  Power  had 
installed  an  extensive,  self-healing  fiber  ring 
network,  which  the  company  owns  and  main¬ 
tains  itself,  to  ensure  that  operations  centers 
like  the  storm  center  get  access  to  critical 
applications.  When  individual  fiber  routes 
failed  during  Katrina,  the  network  was  able 
to  reroute  data  and  continue  working.  After 
the  storm,  Ward’s  team  added  microwave 
systems,  similar  to  satellite  dishes,  so  the 
company  is  not  dependent  on  leased  telecom¬ 
munications  landlines  from  Bell  South  for 
voice  communications  during  a  storm.  At 
the  command  center,  she’s  added  waterproof 
walls  and  raised  equipment  off  the  ground. 

Ingenuity  also  plays  a  part  in  any  disaster 
recovery,  Ward  now  recognizes.  At  Missis¬ 
sippi  Power’s  corporate  headquarters  near 
the  beach,  a  key  generator  sank  under  water 
just  after  the  storm  hit.  Linemen  worked  to 
place  a  large  electrical  cable  from  a  portable 
generator  up  to  the  seventh  floor  data  center 
in  order  to  restore  power  at  the  company’s 
telecom  hub  for  voice  and  data. 

Ward  says  she  feels  better  prepared 
now  to  help  her  company  survive  a  similar 
storm.  In  addition,  she  is  working  to  upgrade 
software  that  tracks  employees  and  power- 
restoration  resources  in  the  event  of  disaster. 
“We’re  still  looking  at  everything  from  a 
worst-case  scenario,”  Ward  says.  “From  the 
IT  side,  I  feel  much  better  prepared  than 
pre-Katrina.”  -Susannah  Patton 


16  SEPTEMBER  1,  2006  |  www.cio.com 


PHOTO  BY  DAN  TERO/ISTOCKPHOTO 


IF  YOU’RE  NOT 


USING  INTELLIGENT 
COMMUNICATIONS, 


WHAT  SORT  OF 


COMMUNICATIONS 
ARE  YOU  USING? 


Introducing  the  Avaya 
one-X™  Deskphone  Edition. 
Unleashing  the  power  of 
IP  telephony. 


In  fact,  business  professionals  estimate 
the  following  productivity  gains  with 
the  one-X  Deskphone  Edition:* 


Avaya,  the  global  leader  in  voice 
communications,  continues  to  lead  the 
way  in  Intelligent  Communications. 

The  one-X  Deskphone  Edition,  part  of 
our  one-X™  family  of  powerful  solutions, 
can  help  take  the  productivity  of  your 
business  to  a  whole  new  level.  It  is 
loaded  with  the  features  and  benefits 
you  told  us  you  wanted— high-fidelity 
sound,  an  intuitive  user  interface,  and 
enhanced  functionality  that  leads  to 
greatly  improved  productivity. 


33%  less  time  searching  for  call  contacts 
50%  less  time  playing  phone  tag 
50%  cost  savings  on  conferencing 


See  all  the  ways  the  one-X  Deskphone  Edition 
can  help  you  maximize  the  possibilities  of 
IP  telephony  and  give  your  business  a 
competitive  advantage. 


IP  Telephony 
Contact  Centers 
Mobility 
Services 


“See  it,”  “Hear  it,”  and  “Feel  it”  at: 

avaya.com/seeitnow 
Are  you  one-Xperienced? 


AVAyA 


‘Avaya  Productivity  Survey,  April  2006  (claims  based  on  survey  data,  not  actual  usage) 

©2006  Avaya  Inc.  All  Rights  Reserved.  Avaya,  the  Avaya  Logo,  and  all  trademarks  identified  by  ®,  and  TM  or  SM 
are  registered  trademarks,  trademarks,  or  service  marks  of  Avaya  Inc.,  and  may  b'e  registered  in  certain  jurisdictions. 


’s  Vailing  Grade 


education  CIOs  who  haven’t  thought  about  ways  to 
help  improve  computer  science  education  in  U.S.  high  schools 
could  soon  be  in  for  a  rude  awakening.  A  recent  study  by  the 
Computer  Science  Teachers’  Association 
(CSTA)  reveals  a  host  of  problems  plagu¬ 
ing  technology  education  at  the  K-12  level, 
which  could  lead  to  a  critical  shortage  of  IT 
professionals  starting  in  2012  and  to  limited 
career  opportunities  for  today’s  students. 

Only  a  quarter  of  U.S.  high  schools 
have  a  computer  science  requirement,  the 
CSTA  reports.  Computer  science  teach¬ 
ers  lack  time  for  training  and  struggle  for 
resources.  Female  and  minority  students 
are  underrepresented  in  these  courses. 

And  students  struggle  to  add  computer 
science  to  their  packed  schedules. 

The  National  Science  Foundation  cre¬ 
ated  the  CSTA  last  fall  to  support  teachers. 

For  example,  the  CSTA  examined  other 
countries  that  have  tackled  computer  edu¬ 
cation  woes,  then  created  a  model  curricu¬ 


High  School 
Computer  Science 
Report  Card 

89o/o  of  computer  science 
teachers  feel  isolated  and  lack 
support  from  school  administra¬ 
tors. 

74%  of  high  schools 
don’t  require  students  to  take 
computer  science. 

Only  40%  offer  an  advanced 
placement  (college-level)  com¬ 
puter  science  course. 


SOURCE:  "The  New  Educational  Impera 
tive:  Improving  High  School  Computer 
Science  Education,"  CSTA 


lum  and  implementation  advice. 

CSTA  also  works  with  policymakers  and  teenagers,  hop¬ 
ing  to  increase  student  interest  and  ensure  smart  spending  of 
computer  science  education  funds.  The  key 
with  students,  says  CSTA  executive  director 
Chris  Stephenson,  is  stressing  the  connec¬ 
tion  between  their  interests,  like  health  care 
or  the  environment,  and  computer  science 
classes  offered  in  their  schools. 

CIOs  can  help  by  lobbying  state  and  local 
policymakers  and  by  speaking  at  schools 
about  job  opportunities,  Stephenson  says. 

CIOs  can  also  encourage  their  employers 
to  invest  in  education  initiatives.  “There’s  a 
real  ROI  to  that,”  Stephenson  says.  “We’re 
the  start  of  the  pipeline.  If  you  don’t  get 
engaged  at  this  level,  you’re  not  going  to  have 
the  workers  that  you  need  to  remain  innova¬ 
tive.”  (For  more  about  how  forward-thinking 
CIOs  are  approaching  education,  see  “Flow 
to  Hook  the  Talent  You  Need,”  Page  40.) 

- Stephanie  Overby 


a 

m 

j 

s 

u 

a 

h 


Mapping  for  IT  Success 


STRATEGIC  PLANNING  Few 

travelers  would  attempt  a  drive  some¬ 
where  new  without  a  road  map.  An  expo¬ 
nentially  simpler  version  of  what  a  driver 
will  see.  a  map  provides  touch  stones  of 
what’s  important  to  navigation. 

Similarly,  a  strategic  road  map  distills 
what  can  be  the  complicated  landscape  of 
an  organization’s  business  strategy  into  a 
one-page  graphic.  It  answers  three  ques¬ 
tions:  Where  are  we  now?  Where  do  we 
want  to  go?  How  do  we  get  there? 

Strategic  road  maps  can  be  particularly 
useful  to  an  IT  group,  since  developing  one 
requires  alignment  with  business  goals 
and  a  common  language,  says  Robert 
Phaal,  professor  at  the  Centre  for  Tech¬ 
nology  at  the  University  of  Cambridge. 
Phaal,  who  has  worked  with  a  wide  range 
of  companies  to  develop  strategic  road 


maps,  says  that  because  road¬ 
mapping  principles  are  generic, 
they  can  be  adapted  to  any  type 
of  company  or  strategy.  They  are 
especially  useful  in  supporting  innovation 
because  they  translate  abstract  ideas  into 
something  more  concrete. 

For  example,  a  company  that  makes  dis¬ 
play  technology  uses  a  road  mapto  illus¬ 
trate  how  technologies  in  the  R&D  phase 
are  forecasted  to  progress  by  showing  how 
they  could  be  used  by  various  products, 
first  for  a  watch  face,  then  for  cell  phones 
and  f  inal  ly  for  a  computer  display.  Next  to 
a  picture  of  each  product  is  two  short  lines 
about  its  technological  features  and  a  few 
more  about  its  market  implications.  The 
display  technology  road  map  translates 
highly  technical  information  into  simple 
visuals  and  text  that  leaders  outside  the 


IT  group  can  understand. 

That  simplicity  is  deceptive,  Phaal 
says.  Representatives  from  across  the 
enterprise  must  meet  and  develop  the 
one-page  view  of  business  strategy,  then 
synthesize  their  partial  views  into  a  holis¬ 
tic  one.  Creating  the  road  map  also  points 
out  gaps  in  the  strategy  or  ways  a  project 
may  become  a  dead  end.  For  these  rea¬ 
sons,  Phaal  says,  “Many  find  the  process 
of  road-mapping  even  more  valuable  than 
the  road  map  itself.” 

-D/'ann  Daniel 


18  SEPTEMBER  1,  2006  |  www.cio.com 


PHOTO  BY  ANTHONY  HALL/ISTOCKPHOTO 


INNOVATIONS  IN 


r 


Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


ife| 


-WSSJ: 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  every  Florida  child  in  need.  ” 


JOHNNY  C.  WHITE 
CIO 


Florida  Guardian  ad  Litem  Program 


Access  your  future  today  at 
citrix.com. 


©2006  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix®  is  a  trademark  of  Citrix  Systems,  inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent 
and  Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered 
trademarks  are  the  property  of  their  respective  owners. 


CITRIX 


DLINES 


wireless  It’s  the  frustrating  part  of  going  out  for 
dinner:  Your  waiter  seems  to  have  eyes  for  everyone 
but  you.  Trying  to  zap  this  annoyance,  Fatz  Cafe,  a 
restaurant  chain  based  in  South  Carolina,  is  deploy¬ 
ing  wireless  technology  to  let  patrons  electronically 
communicate  with  their  servers. 

Fatz  Cafe  has  implemented  the  technology  at 
one  restaurant  and  has  signed  a  contract  with  ESP 
Systems  to  install  it  enterprisewide  at  32  locations. 
Steve  Bruce,  president  and  CEO  of  Fatz  Cafe,  says  the 
technology  has  helped  turn  more  tables  and  boost 
customer  service. 

“It's  still  in  its  infancy,  but  it  addresses  our  needs 
more  than  anything  I’ve  seen,"  says  Bruce. 

Here’s  how  it  works:  Each  server,  host  and  manager 
wears  a  watch  that  is  connected  wirelessly  to  a  hub 
at  each  table.  After  the  hostess  seats  a  party,  a  server 
greets  the  diners  and  hands  them  a  disc  that  is  about 
2.5  inches  in  diameter.  Once  the  customer  pops  the 
disc  into  the  table’s  wireless  hub,  he  or  she  can  click 
down  on  the  disc  to  ping  the  server’s  watch  and  get 
attention.  From  a  managerial  standpoint,  the  technol¬ 
ogy  helps  supervisors  see  which  tables  need  help  and 
shift  manpower  quickly,  says  Devin  Green,  CEO  of 
ESP  Systems.  For  example,  if  a  server  is  dealing  with 
multiple  tables  on  a  busy  night,  the  system  catalogs  the 
requests  in  the  orderthey  were  received.  If  the  waitstaff 
is  overwhelmed,  the  requests  can  be  forwarded  to  a 
manager,  who  can  help  out  or  redistribute  personnel 
within  seconds.  Fatz  Cafe’s  waiters  have  warmed  to  the 
idea,  Bruce  says. 

"With  servers,  you  get  a  little  apprehension  at  first 
and  some  skepticism,”  he  says.  "But  once  they  saw 
how  much  it  helped  them,  they  were  very  accepting 
of  the  equipment."  -C.G.  Lynch 


Smarter 
IT  Service 
Delivery 

management  report  If  you  think  your  IT  department  deliv¬ 
ers  good  service,  think  again.  According  to  a  recent  paper  by  consultancy 
Macehiter  Ward-Dutton,  few  organizations  are  able  to  run  IT  efficiently  while 
being  responsive  to  business  needs. 

Tight  IT  budgets  have  forced  CIOs  to  do  more  with  less,  says  the  paper’s 
author,  Jon  Collins,  principal  analyst  with  the  U.K. -based  company.  “But 
efficiency  doesn’t  actually  benefit  the  business,  apart  from  saving  money  on 
the  IT  budget,”  Collins  argues.  Rather,  he  says,  service  delivery  also  has  to  be 
effective,  meaning  it  must  provide  tangible  business  benefits. 

The  reason  why  it  often  doesn’t:  There’s  a  divide  between  the  applica¬ 
tion  development  side  of  the  IT  shop  and 
the  group  responsible  for  operations  and 
maintenance.  Developers  build  new  sys¬ 
tems  without  much  input  from  the  systems 


ness  processes  on  IT  infrastructure  and 
applications  and  incorporate  that  informa¬ 
tion  into  IT  project  decisions. 

“I  don’t  believe  there’s  this  kind  of  nir¬ 
vana  when  everything  will  work  beautifully 
together,  but  organizations  can  work  a  lot 
better,”  Collins  says. 

He  suggests  a  path  to  achieving  IT  service 
management  maturity  that  is  similar  to  models  for  good  software  development. 

As  with  software,  the  key  to  IT  service  maturity  is  establishing  repeatable  pro¬ 
cesses.  Companies  may  begin  without  specific  processes  for  managing  IT  service 
delivery.  Along  the  path  to  maturity,  IT  organizations  define  formal  processes  and 
service-level  agreements  with  business  users.  At  the  most  sophisticated  level,  IT 
adjusts  its  service  delivery  continually,  according  to  business  demands. 

For  example,  an  IT  shop  at  a  bank  might  support  a  set  of  call  center  applica¬ 
tions.  If  the  bank  wants  to  add  mortgages  to  the  products  it  supports  through  its 
call  center,  the  IT  department  needs  to  be  flexible  enough  to  quickly  update  the 
call  center  applications  and  adjust  how  it  supports  those  apps  going  forward. 

To  get  started,  Collins  recommends  CIOs  build  a  business  case  for  invest¬ 
ing  in  the  resources  necessary  to  improve  service  delivery:  CIOs  will  need  to 
identify  the  most  important  services  that  IT  provides  the  business,  investi¬ 
gate  how  to  improve  these  services,  and  determine  the  related  costs  for  tech¬ 
nology,  staff  resources  and  training.  -Elana  Varon 


administrators  who  later  have  to  run  them. 
A  holistic  view  of  IT  service  delivery  would 
take  into  account  the  requirements  of  busi- 


iSaeP- 


Effective 
IT  service 
delivery 


m 


business 

results. 


20  SEPTEMBER  1,  2006  |  www.cio.com 


PHOTO  BY  LISA  GAGNE/ISTOCKPHOTO 


Bank  of  New  York  Makes  CIO  Innovation  Chief 


on  the  move  In  June,  The  Bank  of 
New  York  tapped  its  CIO,  KurtWoetzel,  to 
lead  a  new  Office  of  Innovation.  Woetzel 
says  the  investment  bank’s  executive  team 
(of  which  he  is  a  member)  created  the  new 
organization  to  accelerate  top-line  revenue 
growth  by  creating  a  constant  stream  of 
new  products  and  customer  services. 

“The  Office  of  Innovation  will  bring 
together  resources  for  generating  new 
ideas,  validating  new  business  opportuni¬ 
ties  and  bringingthose  opportunities  to 
fruition  very  quickly,"  says  Woetzel. 

A  21-year  veteran  of  The  Bank  of  New 
York,  Woetzel  already  knows  the  business, 
the  customers  and  the  internal  employees 
to  make  things  happen.  He  once  served  as 
a  division  head  of  the  $8.3  billion  bank’s 

cio.com 


broker-dealer  services 
business.  His  CIO  experi¬ 
ence,  he  says,  provides  an 
additional  benefit.  “I  have 
a  great  perch  that  allows 
me  to  look  across  ail  of  our 
business  on  an  enterprise 
level  and  see  opportuni¬ 
ties  at  the  seams  of  our  businesses  that 
others  don’t,"  says  Woetzel. 

Although  The  Bank  of  New  York  is  not 
alone  in  establishing  an  internal  group 
chartered  with  innovation  (Computer 
Sciences  Corp.,  AMD  and  Citigroup  have 
also  done  so  in  the  past  18  months),  its 
appointment  of  the  CIO  to  lead  the  effort 
is  unusual,  says  James  P.  Andrew,  a  senior 
VP  within  The  Boston  Consulting  Group. 


Kurt  Woetzel 


m 


Because  their  peers  still  don’t 
see  them  as  business  strategists, 
CIOs  aren’t  typically  put  in  charge 
of  innovation,  he  says.  Usually, 
companies  appoint  a  chief  inno¬ 
vation  officer— “the  other  CIO,” 
according  to  Andrew— who  is 
someone  who  has  a  head  for 
business,  understands  customers  and  can 
sell  ideas  with  influence. 

The  attention  to  innovation  is  a  reaction 
to  companies  exhausting  disciplines  such 
as  Six  Sigma  for  improving  quality  and 
productivity,  says  Andrew.  “With  the  stock 
market  increasingly  rewarding  growth, 
companies  are  realizing  the  importance 
of  innovation  and  its  ability  to  drive  that 
growth,”  he  says.  -Meridith  Levinson 


h 

a 

« 

a 

a 

r 

M 

a 

E 


Read  Meridith  Levinson's  MOVERS  AND  SHAKERS  blog  for  the  latest  moves.  Find  it  at  blogs.cio.com. 


©2006.  MRO  Software,  Inc.  All  rights  reserved.  Maximo  is  a  registered 
trademark  and  MRO  Software  is  a  trademark  of  MRO  Software,  Inc. 


IT  supports  and  controls  the 
applications  that  run  the  business. 

Now  there's  an  application  to  su  iport 
and  control  the  business  of  IT. 


Maximo®  ITSM,.  the  most  comprehensive  IT  asset  and  service 
management  solution,  substantially  improves  the  business 
of  IT,  significantly  increasing  the  value  IT  brings  to  an  organiza¬ 
tion.  By  unifying  IT  service,  asset  and  work  management  on 
a  single  software  platform,  Maximo  ITSM  delivers  the  control 
and  visibility  you  need  to  align  IT  service  levels  with  your 
overall  business  goals.  All  you  need  to  integrate  and  automate 
processes,  reduce  unplanned  outages,  standardize  and  share 
information  and  surpass  service-level  commitments.  To  make  your 
IT  organization  more  efficient  and  more  valuable,  download 
our  whitepaper  at  www.maximoit.com/cio  or  call  800-326-5765. 

COUNTED  CONTROLLED  MAXIMIZED 

mro  software 


make  it  a  1 1,  count 


Innovations  by  InterSystems 


Messaging,  plus. . . 


Business  Process  Orchestration,  plus. . . 


Composite  Application  Development,  plus. . . 


Business  Activity  Monitoring 


Integrate  Your  Enterprise. 

Tackle  Any  Type  of  Integration  With  Ensemble. 

Ensemble  is  the  first  product  that  enables  fast  integration  and  rapid  development.  This  unique 
platform  combines  the  capabilities  of  an  integration  server,  data  server,  application  server,  and 
portal  development  software. 

What  makes  this  possible  is  an  innovation  by  InterSystems:  We  developed  Ensemble  as  a  single 
technology  stack,  not  a  stitched- together  suite  of  separate  components.  With  a  unified  environment 
for  integration,  development,  and  management,  Ensemble  dramatically  reduces  time-to-solution. 

We  back  these  claims  with  this  money-back  guarantee:  For  up  to  one  year  after  you  purchase 
Ensemble,  if  you  are  unhappy  for  any  reason,  we’ll  refund  100%  of  your  license  fee.  *  We  are 
InterSystems,  a  global  software  company  with  a  track  record  of  innovation  for  more  than  25  years. 

InterSystems 

ENSEMBLE 

Request  a  FREE  proof-of-concept  project  at  www.InterSystems.com/Ensemblel6F 


*  Read  about  our  money- back  guarantee  at  the  web  page  shown  above. 

©  2006  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Ensemble  is  a  registered  trademark  of  InterSystems  Corporation.  7  06  EnsInnol6  CIO 


Really  Simple 
Syndicat  on 
can  improve 
business 
processes 
and  help 
overwhelmed 
employees 
better  manage 
information 


By  Invitation  Only 

BY  GALEN  GRUMAN 


KNOWLEDGE  MANAGEMENT  |  Cliff  Bell  came  to  a  somewhat  shocking  realization 
last  year:  The  two  most  important  Internet  software  applications  in  recent  history— e-mail 
and  Web  browsers— were  failing  his  company.  Overwhelmed  by  e-mail  and  lacking  the 
time  and  energy  to  surf  the  company’s  intranet  for  important  information,  employees 
simply  weren’t  getting  the  information  they  needed  to  do  their  jobs.  “People  often  don’t 
check  [an  intranet]  landing  page,”  says  Bell,  who  is  CIO  of  Phoenix  Technologies,  a  maker 
of  electronics  components  for  PC  motherboards.  “And  if  you  send  them  an  e-mail,  it’s  not 
often  read.” 

But  Bell  did  notice  that  “blogs  get  traction.”  That  led  him  to  explore  Really  Simple  Syn¬ 
dication  (RSS),  a  new  model  for  keeping  employees,  customers  and  business  partners  up 
to  date,  one  that  pushes  relevant  information  to  them  via  subscription  rather  than  rely¬ 
ing  on  their  ability  to  find  the  information.  For  example,  Phoenix’s  legal  team  uses  RSS 
for  legal  review,  mixing  RSS  subscriptions  with  internally  generated  feeds  for  specific 
projects.  With  RSS,  the  lawyers  no  longer  have  to  trawl  through  e-mail  or  the  intranet  to 
find  out  what’s  going  on  with  a  particular  project;  they  can  rest  assured  that  if  something 
new  happens,  they  will  hear  about  it.  The  result  is  a  common,  instantaneous  channel 
for  legal  staff  to  share  information  and  add  their  own  comments  to  it.  Bell  envisions  the 


ILLUSTRATION  BY  KATY  LEMAY 


www.cio.com  |  SEPTEMBER  1,  2006  23 


essential  technology 


use  of  departmental  or  project-based  RSS 
feeds  throughout  the  company,  as  well  as 
a  common  corporate  channel  for  compa¬ 
nywide  announcements. 

Beyond  the  News 

Best  known  as  the  delivery  technology  for 
many  blogs  and  for  content  sites  such  as 
Yahoo  and  USA  Today,  RSS  formats  mes¬ 
sages  in  XML  for  delivery  over  a  network 
or  the  Internet  to  a  reader— an  e-mail 
program,  Web  browser  or  dedicated 
application— that  displays  the  messages 
much  like  e-mail  or  a  webpage.  But  RSS  is 
based  on  a  subscription  approach,  where 


consider  useful. 

CIOs  who  are  pushing  the  original  defi¬ 
nition  of  RSS  are  doing  so  in  two  primary 
ways:  One  is  inside  the  enterprise,  to  cre¬ 
ate  ad  hoc  groups  that  can  subscribe  to 
and  comment  on  the  same  core  informa¬ 
tion,  whether  for  engineers  working  on 
a  new  design  or  HR  staff  analyzing  the 
latest  standards  and  regulations.  The 
second  method  is  to  focus  outside  the 
enterprise  by  using  RSS  to  deliver  custom 
information  that  partners  and  customers 
subscribe  to,  such  as  the  ongoing  status 
of  an  order  or  transmitting  current  cus¬ 
tomer  leads  to  distributors. 


With  RSS,  the  lawyers  no  longer 
have  to  trawl  through  e-mail  or 
the  intranet  to  find  out  what’s 
going  on  with  a  particular  project. 
it  something  new  happens,  they 
will  hearaboutit. 


recipients  decide  which  message  feeds 
they  want  delivered,  and  RSS  includes 
filtering  capabilities  (for  example,  a 
subscriber  may  specify  that  only  stories 
related  to  mergers  and  acquisitions  in  a 
legal  newsletter  should  be  sent)  to  keep 
received  messages  on  target.  It’s  that  fil¬ 
tered,  subscription  approach  that  enter¬ 
prises  can  take  advantage  of  to  create  a 
communications  channel  that  recipients 


RSS  Moves  into  the  Enterprise 


►  To  help  CIOs  keep  up  with  RSS  and 
other  "new  channel”  technologies  such 
as  wikis  and  blogs,  Burton  Group  analyst 
Peter  O'Kelly  publishes  a  blog  devoted  to 
the  enterprise  perspective.  You  can  find  it  at 
www.burtongroup.com/research_consul 
ting/doc. aspx?cid=ll. 


►  When  you’re  ready  to  deploy  RSS  inside 
the  enterprise,  two  companies  currently 
offer  enterprise  RSS  server/feed  manage¬ 
ment  systems:  NewsGator  Technologies 

(www.newsgator.com)  and  KnowNow 
(www.knownow.com). 

cio.com 


The  Inside  Approach 

Ross  Szalay,  IS  director  for  the  law  firm 
Dykema,  took  the  internal  approach  to 
turbocharge  the  firm’s  ability  to  moni¬ 
tor  current  cases.  For  example,  an  attor¬ 
ney  in  charge  of  a  specific  client  account 
gets  a  regular  feed  of  all  specific  efforts 
undertaken  by  other  attorneys  for  the  cli¬ 
ent,  so  there’s  a  unified  view  of  the  ser¬ 
vices  the  client  is  getting— and  needs  to 
be  billed  for.  “That  billing  attorney  wants 
to  see  this  status,  but  he  does  not  want  to 
sort  through  all  the  details  in  our  case- 
management  database,”  says  Bill  Gratsch, 
Dykema’s  Web  technologies  director. 

Using  RSS  rather  than  e-mail  updates 
works  better  for  both  the  users  and  IT, 
notes  Szalay.  The  RSS  feeds  automatically 
go  into  separate  Microsoft  Outlook  fold¬ 
ers,  saving  users  the  effort  of  identifying 
relevant  messages  in  their  general  inbox. 
Because  the  RSS  system  sorts  and  filters 
the  messages,  Szalay’s  IT  staff  doesn’t 
have  to  configure  individual  users’  Out- 


RSS:  The  Next 
Generation 

The  technologies  aren’t  fully 
baked  yet,  but  the  recipes 
are  coming  together 

While  RSS  is  best  known  as  a  way 
to  f  i  Iter  the  vast  world  of  the  Web, 
most  CIOs  will  want  to  manage  the 
information  they  make  available  via 
RSS  from  behind  their  firewall  so  that 
outsiders  can’t  pry  into  the  innermost 
thoughts  of  the  company.  That  need 
has  prompted  two  companies— News- 
Gator  and  KnowNow— to  develop 
enterprise  RSS  platforms  to  serve 
as  in-house  RSS  aggregators  so  that 
CIOs  can  tailor  internal  and  external 
RSS  feeds  to  specific  needs. 

Uptake  of  RSS  has  been  slow  so 
far,  however,  because  to  access  RSS 
feeds,  users  typically  need  to  do  a  fair 
amount  of  configuring  of  standalone 
readers,  their  browser  or  an  e-mail 
client.  But  in  the  next  year,  the  major 
browser  and  e-mail  client  compa¬ 
nies— Microsoft  and  Mozilla— will 
include  native  RSS  support,  so  users 
can  read  and  manage  RSS  feeds  with 
minimal  configuration.  So  will  the  next 
version  of  Microsoft  Office,  notes  W. 
Gregory  Dowling,  senior  analyst  at 
JupiterResearch. 

Meanwhile,  enterprise  application 
providers  like  SAP  and  Oracle  already 
include  program  interfaces  to  support 
XML  exports  for  use  in  RSS  feeds— with 
the  major  portal  providers  soon  to  fol¬ 
low  suit,  notes  Dan  Keldsen,  senior  ana¬ 
lyst  at  the  Delphi  Group  consultancy. 
“More  and  more  commercial  vendors 
are  RSS-enabling  their  applications,” 
Keldsen  says.  And  the  increasing  popu¬ 
larity  of  Web  services— which  also  uses 
XML  as  a  standard  data  format— makes 
it  straightforward  to  generate  RSS 
feeds  from  homegrown  applications, 
he  adds. 

-G.G. 


24 


SEPTEMBER  1,  2006  |  www.cio.com 


©  Copyright  2006  GXS,  Inc.  All  Rights  Reserved, 


ill 


_ 


ly  chain  knew  wh 

before he 


— 


_ 


_ 


. . — 


— 


— 


WiSRW^B^S  jSm 


a 


S3* 


Microsoft- 


BizTalk  Server  2006 


GXS  Trading  Grid  is  Microsoft  s 
recommended  global  B2B 
network  for  BizTalk  Server. 


Anticipating  your  customers’  needs  has  always  been  good  By  combining  the  global  reach  and  intelligence  of  GXS  Trading  Grid™ 

business,  and  it  just  got  easier.  When  you  integrate  planning  with  the  power  and  simplicity  of  Microsoft  BizTalk™,  businesses 

with  execution,  you  strengthen  the  link  between  your  supply  ~  can  transform  an  existing  supply  chain  into  a  highly  responsive 
chain  and  business  strategy.  Which  is  why  GXS  and  Microsoft  network  that  shares  information  so  quickly,  it  predicts  what  a 

teamed  together  to  redefine  supply  chain  automation.  customer  wants  to  buy,  even  before  he  knows  it. 

To  learn  more  about  how  GXS  and  Microsoft  can  help  you  create  a  customer-facing,  demand-driven  network, 
visit  www.gxs.com/microsoft.  Or  call  +1-301-340-4000  outside  the  US,  or  800-560-4347  in  the  US. 

Extend  Supply  Networks  |  Optimize  Product  Launches  i  Automate  Warehouse  Receiving  |  Gain  Supply  Chain  Visibility  |  Manage  Payments  and  Cash 

.  .'  '  '  .  >ii‘i  ' ' ■ 


©GXS 


essential  technology 


look  clients  with  complex  message  filters 
to  achieve  the  same  sorting  result— nor 
maintain  them. 

The  Outside  Approach 

At  Jets  International,  which  provides  a 
matching  service  between  private-plane 
operators  with  unused  seating  capac¬ 
ity  and  executives  who  need  a  flight, 
the  emphasis  of  RSS  is  external,  to  keep 
suppliers  and  customers  up  to  date  on 
available  flights  and  customer  requests, 
according  to  Nate  McKelvey,  who  serves 
as  both  CEO  and  CIO  of  the  company. 
Plane  operators  have  a  custom  RSS  reader 
that  keeps  them  updated  on  customer 
requests  that  match  the  available  seating. 
(Jets  International  maintains  a  database  of 
available  jets  and  customer  flight  requests, 
generating  the  matched  data  for  each  cli¬ 
ent  and  sending  it  out  as  a  custom  RSS 
feed.)  The  reader  works  within  Google, 
so  the  operators  can  conduct  searches  for 
executives  with  specific  travel  needs  and 
further  customize  the  RSS  feed  results. 
McKelvey  is  working  on  a  similar  option 
for  executive  travelers. 

“We  won’t  have  to  worry  about  e-mail 
fatigue,  since  they  choose  what  to  get,” 
he  says.  But  the  bigger  benefit,  he  adds, 
is  the  ability  to  make  custom  data  easily 
available  from  multiple  sources,  since  it’s 
straightforward  to  generate  data  in  the 
XML  format  that  RSS  uses.  “You  can  now 
integrate  as  you  see  fit,”  McKelvey  says. 

Your  Experience  May  Vary 

The  downside  of  RSS  for  CIOs  at  this 
point  is  its  newness.  Because  it  isn’t  yet 
clear  how  RSS  will  be  used  and  where, 
CIOs  are  finding  that  they  need  to  do  a 
fair  amount  of  custom  configuring  of 
the  few  tools  available  to  meet  their  par¬ 
ticular  organizations’  needs  (see  “RSS: 
The  Next  Generation,”  Page  24).  In  Bell’s 
case,  he  had  to  integrate  his  enterprise 
RSS  aggregator  server  from  KnowNow 
with  his  Microsoft  SharePoint  portal  and 
Microsoft  ActiveDirectory  directory  ser¬ 
vice.  In  McKelvey’s  case,  he  had  to  write 
a  custom  reader  for  his  350  suppliers  of 


seats  on  private  planes  because  it  would 
have  been  too  difficult,  he  judged,  for 
his  suppliers  to  configure  a  generic  RSS 
reader  themselves.  The  complex  con¬ 
figuration  has  caused  him  to  hold  off  on 
delivering  RSS  feeds  to  the  company’s 
several  thousand  customers:  “I’ll  deploy 
it  to  them  when  there’s  no  configuration 
to  support,”  he  says. 

Similarly,  Szalay’s  in-house  developers 
have  to  write  the  applets  that  query  the 
databases  and  generate  the  RSS  files  that 
are  distributed  via  Dykema’s  RSS  server 
from  NewsGator.  Both  say  the  efforts  are 
not  difficult,  because  RSS  uses  just  a  por¬ 
tion  of  XML’s  functions,  making  the  pro¬ 
gramming  simple.  Plus,  developers  are 
typically  familiar  with  XML,  so  they  can 
usually  dive  right  in. 

From  Overload  to 
Management 

Like  other  knowledge-based  IT  projects, 
the  hard  benefits  from  the  targeted  infor¬ 
mation  delivery  that  RSS  provides  are 
difficult  to  quantify.  “How  do  you  judge 
the  ROI  of  accessing  information  more 
easily?”  asks  Phoenix  CIO  Bell.  His  RSS 
efforts  fall  into  the  technology  explora¬ 
tion  category,  part  of  ongoing  efforts  to 


63%  of  large 

companies 

will  have 

syndicated 

content 

via  RSS  by 

2007 

SOURCE:  JupiterResearch 


principal  analyst  at  the  research  firm 
Burton  Group.  While  pioneering  CIOs 
are  already  exploring  some  possibilities, 
they’re  all  guessing  at  this  stage,  he  notes. 

Bell  expects  the  use  of  RSS  will  increase 
employee  satisfaction— something  they 
can  measure— by  providing  an  alterna¬ 
tive  communications  channel  that  won’t 
overwhelm  them,  as  well  as  provide 
hard-to-quantify  work  efficiencies.  With 
RSS,  Bell  sees  himself  helping  people  to 
manage  information,  rather  than  simply 
installing  and  supporting  tools.  Analyst 


The  bigger  benefit  is  the  ability  to 
make  custom  data  easily  available 
from  multiple  sources,  since  it’s 
straightforward  to  generate  data 
in  the  XML  format  that  RSS  uses. 


identify  promising  technologies  that 
might  provide  his  business  a  competitive 
advantage.  “It’s  not  a  significant  amount 
of  budget,  since  I  don’t  know  what  I’ll 
get  out  of  it,”  he  notes.  Dykema’s  Szalay 
agrees  the  cost  is  small,  in  the  low  tens  of 
thousands  of  dollars.  “If  it  doesn’t  work 
out,  that’s  OK,”  he  says. 

“We  don’t  really  know  how  we  can  use 
RSS  for  work  purposes,”  says  Mike  Gotta, 


Gotta  concurs:  “You  have  to  let  people 
shape  their  own  world.  We  need  multiple 
paths  to  information  based  on  people’s 
work  style,”  he  says.  That’s  a  key  part  of 
the  RSS  promise.  B13 


Freelance  Writer  Galen  Gruman  can  be  reached 
at  ggruman@zangogroup.com.  Send  your  com¬ 
ments  to  Executive  Editor  Christopher  Koch  at 
ckoch@cio.com. 


28  SEPTEMBER  1,  2006  |  www.cio.com 


orange-business. com 


\N\<> -1.1.1/  MSI  HI  \l.  !!■  \lll<  OM'll  \  M  \  II  I  OKI  \t  K  \  III  .HI  ■>  I  \\  K  \t  N.tl. 


As  a  true  entrepreneur,  you  do  things  a  little  differently.  And  so  increase  your  chances 
for  success.  To  help  you  realize  your  full  potential  and  use  technology  to  break  down  barriers, 
Equant,  France  Telecom  and  Orange  have  joined  forces  under  Orange  Business  Services, 
opening  up  new  opportunities 


global  communications  mobility  secured  applications  outsourcing 


Business 

Services 


orange 


Hi  R.  Ryan  Nelson ^APPL1ED 1NS1GHT 


I 

* 


! 


ji 

f 


Tracks  in  the  Snow 

IT  projects  are  usually  judged  successes  or  failures  when  they  go  live.  But  look  back  and  you 
will  see  the  real  judgment  comes  later— and  that  requires  a  new  set  of  value  criteria. 


There’s  a  tradition  in  IT  project  management  that 
says  if  a  project  comes  in  on  time,  on  budget  and 
with  the  required  features  and  functions,  it  is  con¬ 
sidered  successful.  Meeting  that  standard  is  dif¬ 
ficult  enough.  A  continuing  study  of  thousands  of  IT  projects 
by  The  Standish  Group  consultancy  found  that  in  2004,  just 
29  percent  of  projects  were  successful. 

But  this  definition  of  success  needs  revising.  In  perform¬ 
ing  72  IT  project  retrospectives  at  57  organizations  since  1999, 
graduate  students  in  the  Master  of  Science  in  the  Manage¬ 
ment  of  Information  Technology  program  at  the  University 
of  Virginia’s  Mclntire  School  of  Commerce  have  discovered 
that  projects  that  were  found  to  meet  all  of  the  traditional  cri¬ 
teria  for  success— time,  budget  and  specifications— may  still  be 
failures  in  the  end  because  they  fail  to  appeal  to  the  intended 
users  or  because  they  ultimately  fail  to  add  much  value  to  the 
business. 

When  Success  Is  Failure 

We  call  these  “failed  successes.”  For  example,  a  real  estate 
management  company  successfully  completed  a  two-year 
project  to  develop  a  Lotus  Notes-based  CRM  application  that 
was  designed  to  provide  strategic  advantage  in  leasing  vacant 
space.  The  project  met  all  the  project  specifications  but  didn’t 
successfully  integrate  with  the  company’s  business  processes. 
So  in  the  end,  no  one  used  it.  The  company’s  CTO  put  it  best: 
“The  application  is  100  percent  effective  at  100  percent  partici¬ 
pation  and  zero  percent  effective  at  95  percent  participation.” 

Similarly,  projects  considered  failures  according  to  tra¬ 
ditional  IT  metrics  may  wind  up  being  successes  because 


28  SEPTEMBER  1,  2006  |  www.cio.com 


ILLUSTRATION  BY  DAVID  HOLLENBACH 


Thank  you  to  our  sponsors 
for  helping  to  make  the  8th  Annual 
CI0100  Symposium  &  Awards  possible. 


CIO  100  Symposium  Awards  are  proudly  underwritten  by 


X  cinqular 

raising  the  bar 


Sybase 


Official  Host  Sponsors 


- ’-BlackBerry : 


WIRELESS  DEVICES 


m  redhat 


OPEN  SOURCE 


i  R 1  s  e' 

VISUALIZE.  INNOVATE.  DBJVSL* 


APPLICATION  DEFINITION  SOFTWARE 


^  Symantec. 


SECURITY 


Sponsored  by 

<bmcsoftware  ^ds  Fujitsu  ®  ^  ^ The  future  in  tight 
INTERWOVEN  Microsoft 

Imlni  Demands 


See  You  Next  Year! 


Presented  by 


Business 

Technology 

Leadership 


R.  Ryan  Nelson  applied  insight 


despite  cost,  time  or  specification  problems,  the  system  is 
loved  by  its  target  audience  or  provides  unexpected  value. 
For  example,  at  a  financial  services  company,  a  new  system 
to  enable  rapid  development,  testing,  deployment  and  mea¬ 
surement  of  collections  strategies  and  to  improve  collections 
performance  was  six  months  late  and  cost  more  than  twice 
the  original  estimate  (final  cost  was  $5.7  million).  But  the 
project  ultimately  created  a  more  adaptive  organiza¬ 
tion  (after  13  months)  and  was  judged  to  be  a  great 
success— the  company  had  a  $33  million  reduction  in 
write-off  accounts,  and  the  reduced  time-to-value  and 
increased  capacity  resulted  in  a  50  percent  increase 
in  the  number  of  concurrent  collection  strategy  tests 
in  production. 


This  is  why  it’s  critical  for  CIOs  to  review  projects  both  dur¬ 
ing  and  after  installation  if  they  are  to  build  and  maintain  a 
long-term  project  success  rate.  Based  on  our  six  years  of  experi¬ 
ence,  retrospectives  should  be  conducted  after  completing  each 
major  milestone  in  large  projects,  and  one  to  two  weeks  after 
implementation.  Benefits  realization  should  be  conducted  later, 
when  business  value  metrics  can  legitimately  be  assessed. 


The  top  three  criteria  by  which 
stakeholders  judged  a  project's 
success  were  uniformly  product 
use  and  value. 


New  Criteria  for  Success 

Indeed,  the  true  impact  of  a  project  may  not  be  felt  until  long 
after  installation  is  complete.  The  study  data  showed  that 
beyond  the  traditional  metrics  of  time,  cost  and  product  (an 
acceptable  system  of  reasonable  quality  that  meets  specifica¬ 
tions),  the  following  additional  criteria  need  to  be  applied  to 
projects  to  determine  long-term  success. 

■  Use:  The  project’s  resultant  products  or  services  were  used 
by  its  intended  constituents. 

■  Value:  The  project  led  directly  to  the  organization’s  improved 
efficiency  or  effectiveness  (common  metrics  included  NPV, 
IRR,  EVA  and  the  Balanced  Scorecard). 

■  Learning:  The  project  increased  stakeholder  knowledge  and 
better  prepared  the  organization  for  future  challenges. 

Interestingly,  the  retrospective  data  showed  that  across  all 
stakeholders  (project  managers,  their  teams,  project  sponsors, 
top  management  and  users),  the  top  three  criteria  by  which 
stakeholders  judged  a  project’s  success  were  product,  use  and 
value,  respectively.  Meanwhile,  cost  was  ranked  lowest  overall. 
None  of  the  groups  ranked  learning  (preparing  for  the  future) 
in  their  top  three  criteria,  although  all  of  them  suggested  that 
learning  was  of  at  least  moderate  importance. 

Although  project  managers  and  team  members  seemed  to 
be  more  concerned  with  the  traditional  measures— in  other 

words,  getting  the  project 


The  Secrets  of  Project  Review 


To  download  a  template  that  shows 
how  to  do  a  project  review,  go  to 

www.cio.com/090106 

cio.com 


done  according  to  specifica¬ 
tion,  on  time  and  on  bud¬ 
get-users,  not  surprisingly, 
cared  most  about  whether 
the  system  would  be  used 
as  intended.  It’s  hard  to  get 
this  perspective  during  the  course  of  the  project.  The  issues 
that  matter  most  to  users— use  and  value— can’t  be  resolved 
until  after  the  project  is  complete  in  the  traditional  sense.  If 
maximizing  overall  stakeholder  satisfaction  is  important,  top 
managers  should  be  focusing  more  on  the  product,  use  and 
value  criteria. 


The  Benefits  of  Looking  Back 

If  done  right,  retrospectives  offer  a  variety  of  potential  ben¬ 
efits.  Effective  reviews  take  stakeholders  beyond  their  own 
personal  impressions  of  the  project  and  present  a  larger  view 
of  the  organizational  impact— a  project  that  may  have  seemed 
“a  nightmare”  to  an  overworked  IT  project  manager  may  actu¬ 
ally  be  tremendously  valuable  to  the  organization.  Reviews 
also  create  opportunities  to  make  improvements  in  processes, 
procedures  and  culture— rather  than  treating  each  project  as  a 
one-off,  in  which  the  lessons  of  earlier  projects  are  ignored  or 
forgotten.  Better  estimating  and  scheduling  of  future  projects 
are  possible  because  the  reviews  capture  historical  data  on  the 
true  size,  effort  and  time  involved  in  past  projects. 

Finally,  project  reviews  have  an  invaluable  human  aspect. 
If  a  project  w'ent  badly,  people  can  acknowledge  and  repair 
relationship  issues  so  that  future  projects  can  go  better.  If  the 
project  was  a  success,  the  review  lets  you  reflect  on  accom¬ 
plishments  before  going  on  to  the  next  problem. 

Project  reviews  expand  the  concept  of  the  project  time  line. 
It  can  be  difficult  to  adapt  to  the  new  way  of  thinking.  Project 
managers  must  negotiate  the  trade-offs  between  process  (time, 
cost  and  product)  and  outcome  (use,  learning  and  business 
value).  The  project  charter  should  include  negotiated  success 
metrics,  the  project  dashboard  should  enable  real-time  met¬ 
rics,  and  the  project  retrospective  should  document  the  actual 
results,  concluding  with  overall  stakeholder  satisfaction. 

IT  struggles  with  a  continuing  record  of  project  failure.  Yet 
the  key  to  improving  the  rate  of  project  success  may  lie  right 
underneath  managers’  noses,  in  the  form  of  comprehensive 
project  retrospectives.  There  is  a  lot  to  be  gained  from  looking 
into  the  rearview  mirror  from  time  to  time.  BQ 


R.  Ryan  Nelson  ( rnelson@virginia.edu )  is  a  professor 
and  director  of  the  Center  for  the  Management  of  Infor¬ 
mation  Technology  at  the  Mclntire  School  of  Com¬ 
merce  of  the  University  of  Virginia.  Send  comments  to 
Executive  Editor  Christopher  Koch  at  ckoch@cio.com. 


30 


SEPTEMBER  1,  2006  |  www.cio.com 


EMC2 

where  information  lives' 


Information  lives  at  companies  that  run  EMC®  software.  As  one  of  the  world’s  largest  software  providers,  we  help  companies  of  all  ;  ' 
sizes  store,  manage,  protect,  and  share  information.  We  can  do  the  same  for  you— across  applications,  across  platforms,  across  oceans. 
To  learn  more  about  how  the  full  range  of  EMC  software  can  help  you  and  your  company  move  up  in  the  world,  visit  software.EMC.com. 


EMC,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©  Copyright  2006  EMC  Corporation.  Alt  rights  reserved. 


k/v 


; 


Peer  to  Peer 


FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


Everyone  Gets  to  Play 

Good  IT  governance  is  not  about  committees,  processes,  forms  and  procedures. 

It’s  about  involving  as  many  people  as  possible.  And  then  it’s  IT’s  job  to  support  them. 

BY  LYNNE  H.  VOGEL 


IT  governance  certainly  has  moved  to  center  stage. 
MIT’s  Peter  Weill  published  a  book  simply  entitled  IT 
Governance ;  there  are  conferences  devoted  exclusively 
to  IT  governance;  an  IT  Governance  Institute  conducts 
research  on  the  subject  and,  of  course,  almost  every  consulting 
firm  under  the  sun  now  offers  services  to  review  and  redesign 
IT  governance  processes. 

Everyone  seems  to  be  talking  about  IT  governance,  and 
most  people  agree  that  careful  selection  of  who  makes  deci¬ 
sions  about  technology  investments  will  have  a  major  impact 
on  how  successful  those  investments  will  be.  But  how  do  you 
make  good  governance  happen?  The  real  challenge  is  not  the 
designing  of  committees,  processes,  forms  and  procedures;  it’s 
meeting  the  challenge  of  participation. 

Getting  people  involved  is  what  IT  governance  is  really 
about.  As  Weill  notes,  “Behaviors,  not  strategies,  create  value.” 
For  IT  governance  processes  to  make  a  difference,  one  of  the 
primary  behaviors  that  CIOs  need  to  encourage  is  the  broad 
participation  of  IT  customers. 

At  the  University  of  Texas  M.D.  Anderson  Cancer  Center,  we 
try  to  stay  away  from  calling  much  of  what  we  do  “IT  projects” 
because  we’ve  discovered  that  it  really  does  make  a  difference  if 
investments  are  viewed  as  projects  belonging  to  IT  or  projects 
belonging  to  the  business  and  enabled  by  IT.  Consequently, 
we  have  “business  projects”  in  which  IT  is  a  major  and  often 
critical  component.  Only  infrastructure  investments  are  called 
“IT  projects.”  By  changing  the  way  we  speak  about  projects, 
we  have  been  able  to  shift  the  focus  of  the  enterprise  from  the 
technology  decision  to  the  business  decision  about  how  tech¬ 
nology  should  be  used. 


32  SEPTEMBER  1,  2006  |  www.cio.com 


ILLUSTRATION  BY  PHUNG  HUYNH 


Its 


Gigabit  to  the  edge 


'TS 


The  GLL  LCLJ--L  LOLL>av^  source 

of  power  and  performance 


*** 

*** 


*** 

**• 


••• 

*** 


Switch  4202vl  48G 


he  incredible  speed  of  Gigabit  is  now  available  at  an  affordable  price, 
/hat’s  more,  this  comes  from  a  trusted  company  whose  dedication  to 
uality  and  reliability  allows  us  to  offer  the  industry’s  leading  lifetime 
rarranty.  With  ProCurve’s  comprehensive  series  of  Gigabit  switches, 
usinesses  can  now  confidently  and  cost-effectively  adopt  Gigabit 
ght  across  the  network. 


iew  the  HP  ProCurve  Gigabit  to  the  Edge  white  paper  at 
ww.hp.com/go/procurvegig3  or  call  (800)  975-7684  Ref.  Code  gig3. 


...  ProCurve  Networking 

HP  Innovation 


That 


©  2006  Hewlett-Packard  Development  Company,  L.P 


m 


* : 


Peer  to  Peer  !  FIELD-TESTED  ideas  FROM  CIOS  TO  CIOS 


Thought  Leaders, 

Opinion  Leaders  and  Others 

Just  recasting  IT  projects  as  business  projects  doesn’t,  how¬ 
ever,  guarantee  broad-based  participation  in  IT  governance. 
Building  participation  in  the  IT  governance  process  requires 
three  components: 

•  Involving  thought  and  opinion  leaders. 

•  Balancing  individual  needs  and  companywide  requirements. 
■  Providing  organizational  support  for  participation. 

The  first  step  is  to  understand  that  there  at  least  two  types  of 
participants  in  every  organization:  thought  leaders  (those  who 
can  think  outside  the  box)  and  opinion  lead¬ 
ers  (those  who  are  viewed  as  credible  and 
trustworthy  throughout  the  company). 

In  health-care  organizations,  for  exam¬ 
ple,  I  have  identified  physicians  who  are 
thought  leaders— the  first  to  try  a  new  tech¬ 
nology  and  the  first  to  want  remote  access 
to  clinical  data.  They  subscribe  to  technol¬ 
ogy  publications  and  install  sophisticated 
networks  at  home.  Opinion  leaders,  on  the 
other  hand,  tend  to  be  more  conservative  in  adopting  new 
technologies,  but  when  they  do  embrace  them,  you  can  be  sure 
that  their  colleagues  will  follow. 

A  successful  governance  process  requires  a  balance  of  par¬ 
ticipation  between  these  two  types  of  leaders.  Both  are  needed 
to  make  good  technology  decisions.  Thought  leaders  keep  us 
focused  on  what  the  future  holds;  opinion  leaders  keep  us 
grounded  in  what  will  really  work. 

Second,  the  governance  process  needs  to  include  both  those 
who  are  deeply  knowledgeable  about  the  business  processes 
in  their  own  departments  and  people  who  understand  the 
importance  and  potential  impact  of  IT  investments  across  the 

company  as  a  whole.  IT 
investment  decisions 
must  be  both  wide  and 
deep  in  order  to  be  truly 
effective. 

Third,  and  probably 
most  important,  gover¬ 
nance  processes  won’t 
function  well  without 
strong  organizational  support.  Participants  in  the  IT  invest¬ 
ment  decision-making  process  are  typically  volunteering  their 
time.  Tasks  such  as  providing  monthly  reports  on  IT  invest¬ 
ment  progress  and  assisting  in  the  development  of  benefits 
realization  and  ROI  studies  are  time-consuming.  Rather  than 
expecting  volunteers  to  do  all  this  on  their  own,  you  need  a  team 
dedicated  to  supporting  them  and,  by  extension,  the  governance 
process. 

Our  governance  team  at  M.D.  Anderson  started  out  as  a  tra¬ 
ditional  project  management  office  (PMO).  But  we  recognized 


Talk  Governance  with  Lynn  Vogel 


Join  a  teleconference  Sept.  12  at  4  p.m.  ET  with 
M.D.  Anderson  Cancer  Center  CIO  Dr.  Lynn 
Vogel  to  learn  more  about  how  he  obtained 
participation  in  I.T.  GOVERNANCE.  Register  in 
advance  at  www.cioexecutivecouncil.com/ 
public/teleconferences. 

cio.com 


that  many  of  our  IT-enabled  business  projects  were  actually 
managed  by  project  managers  within  the  business  units.  So 
our  focus  shifted  to  two  primary  functions: 

■  Supporting  the  work  of  the  various  committees,  including 
making  sure  that  projects  were  properly  documented  and 
that  monthly  financial  reports  got  produced. 

■  Serving  as  a  resource  to  project  managers  throughout  the 
company  by  sponsoring  training  seminars. 

Each  staff  member  in  our  new  Project  Support  and  Coordi¬ 
nation  Services  Office  is  a  trained  project  manager,  most  with 
formal  project  management  certification. 


Thought  leaders  keep  us  focused  on 
what  the  future  holds;  opinion  leaders 
keep  us  grounded  in  what  will  really 
work.  Both  are  needed  to  make  good 
technology  decisions. 


The  ROI  of  Participation 

After  a  major  redesign  of  the  IT  governance  process  at  M.D. 
Anderson  almost  two  years  ago,  we  were  able  to  increase 
overall  participation  tenfold.  We  now  have  200  people  (out  of 
16,000  in  the  organization)  taking  part  in  IT  governance.  Each 
of  these  people  spends  at  least  an  hour  a  month  focusing  on 
IT  investments— discussing  successes  or  failures,  monitoring 
the  progress  of  current  investments  and  looking  ahead  at  new 
directions  and  possible  investments  for  the  future. 

Are  our  IT  governance  processes  functioning  any  better  with 
all  of  this  participatory  behavior?  The  answer  is  yes.  In  a  formal 
review  of  our  IT  governance  process  by  an  independent  third 
party,  more  than  85  percent  of  a  sample  of  participants  thought 
that  the  redesigned  IT  governance  processes  were  a  definite 
improvement  over  our  previous  processes.  Having  business 
owners  participate  in  the  technology  decision-making  process 
creates  a  sense  of  ownership,  making  information  technology 
implementations  not  something  “done  to  the  business”  by  IT 
but  something  they  have  embraced  from  the  beginning. 

Broad  participation  in  IT  governance  has  been  a  critical 
factor  in  making  IT  investment  decisions  successful  at  M.D. 
Anderson.  One  might  even  argue  that  without  governance 
participation,  our  track  record  of  technology  success  would 
be  in  serious  trouble.  BE] 


Lynn  Harold  Vogel,  a  member  of  the  CIO  Execu¬ 
tive  Council,  is  vice  president  and  CIO  for  the  Uni¬ 
versity  of  Texas  M.D.  Anderson  Cancer  Center  in 
Houston  and  an  Adjunct  Assistant  Professor  in  the 
Department  of  Biomedical  Informatics  at  Columbia 
University. 


34  SEPTEMBER  1,  2006  |  www.cio.com 


WWW.INFORMATICA.COM/CIO 


Three  people 

WALK  INTO  YOUR  OFFICE 
WITH  3RD  QUARTER  NUMBERS 

AND  THEY’RE 


ALL  DIFFERENT. 


[  You  Need  Data  Integration] 


ver  eighty  percent  of  Fortune  100  companies  rely  on 
Informatica  to  solve  their  data  integration  problems.  Our 
open,  platform-neutral  architecture  enables  you  to  solve  the 
most  complex  data  integration  problems.  From  migrating  off 
your  legacy  systems,  to  consolidating  your 
software  applications,  to  synchronizing 


data  across  your  databases.  Using  Informatica,  you  can  derive 
the  most  business  value  from  all  your  data. 

With  more  than  2,300  customers  worldwide,  we  have  the 
track  record  to  best  address  your  data  integration  needs.  Call  us 
• . •  at  800-653-3871,  or  visit  our  website, 

INFORMATICA*  www.informatica.com/CIO. 

The  Data  Integration  Company™ 


2006  Informatica  Corporation.  All  rights  reserved.  Informatica,  the  Informatica  logo,  and  “The  Data  Integration  Company"  are  trademarks  or  registered  trademarks  of  Informatica  Corporation  in  the  U.S.  and  in  jurisdictions  throughout  the  world. 


1  Susan  Cramm  executive  coach 


Value?  Added. 

How  CIOs  can  engineer  a  “tipping  point”  to  speed  up  adoption  of  value  management 
practices  and  prove— once  and  for  all— that  IT  matters 


Business  leaders  continue  to  view  IT  spending  as  an 
expense  to  be  managed  and  not  an  investment  to 
be  optimized.  This  inability  to  quantify  the  value 
that  IT  delivers  to  the  business  is,  in  my  opinion, 
what  separates  the  CIO  from  a  seat  in  the  boardroom. 

Most  organizations  have  formed  investment  councils  and 
require  business  cases.  But  very  few  have  defined  a  “concept 
to  cash”  closed-loop  management  process  that  directs  invest¬ 
ments  based  on  strategic  portfolio  targets,  keeps  initiatives 
on  track  by  measuring  success  around  project  approach  and 
holds  senior  executives  accountable  for  demonstrating  value. 
After  all,  real  change  isn’t  easy. 

In  The  Tipping  Point,  Malcolm  Gladwell  discusses  engineer¬ 
ing  change  with  the  minimum  of  effort.  Although  conventional 
wisdom  says  the  progress  of  IT  value  management  will  be  evo¬ 
lutionary,  Gladwell  suggests  it  can  move  rapidly  if  the  three 
Tipping  Point  laws  are  applied:  the  power  of  context  (sensitivity 
to  environmental  signals),  the  stickiness  factor  (memorable 
content)  and  the  law  of  the  few  (the  influence  exerted  by  the 
socially  gifted). 

To  explore  the  potential  of  these  laws,  consider  the  practices 
in  place  at  a  small,  fast-growing  technology  company.  Since  its 
inception  10  years  ago,  the  company  has  invested  in  technol¬ 
ogy  to  sustain  growth  with  little  consideration  given  to  cost 
structure  or  vision  for  how  IT  will  support  its  competitive  posi¬ 
tioning  and  core  business  processes.  The  CFO,  COO  and  CIO 
make  decisions  regarding  IT  investments  on  a  case-by-case 
basis.  Requests  and  associated  IT  resource  allocations  are  frag¬ 
mented  by  department  and  have  tenuous  ties  to  strategy. 

Let’s  examine  the  power  of  context.  It’s  amazing  how  often 


36  SEPTEMBER  1,  2006  i  www.cio.com 


ILLUSTRATION  BY  RICH  LILLASH 


10010 


Wait!  (-wi  supposed  to  be 

<join(j  lA/ith  you  (juy<. 


«  2006  webMethods,  Inc.  All  rights  reserved.  The  webMethods  name  and  logo  are  registered  trademarks  of  webMethods,  Inc.  Get  There  Faster  is  a  trademark  of  webMethods,  Inc. 


www.  webMethods .  com 


Having  trouble  locating  orders? 


With  webMethods,  you’ll  improve  process  visibility  so  you  never  lose  a  sale 

What  if  your  order  booking  systems  and  processes  could  talk  to  you-in  real  time?  What  if  they 
could  help  you  avoid  delivery  delays,  prevent  missing  orders  and  help  you  deliver  on  promises 
to  customers?  Learn  how  by  watching,  "Achieving  the  Perfect  Order-to-Cash  Process” 
Webinar  series  at  www.webMethods.com/4DDEWebinar. 


webMethods. 

Get  There  Faster.™ 


:** 


V. 


W  Susan  CramnLHlx55«TIVE  COACH 


executives  fail  to  link  value  management  initiatives  to  strate¬ 
gies  and  programs  that  are  in  place  and  have  momentum.  In 
the  tech  company,  there  are  growth  concerns  since  its  pri¬ 
mary  market  is  becoming  saturated.  Yet  IT’s  top  objective 
is  the  integration  of  its  existing  ERP  processes  to  knit  sales 
together  with  downstream  supply  chain  activities.  In  terms 
of  the  company’s  emotional  energy,  this  initiative  is  a  yawner 
and  doesn’t  have  the  “coattails”  to  carry  a  value  management 
initiative. 

The  CIO  will  be  a  more  effective  catalyst  for  change  around 
IT  investment  if  he  taps  into  the  company’s  emotional  con¬ 
cerns  around  growth.  For  example,  the  CIO  has  uncovered 
business  strategies  that  call  for  expanding  sales  within  exist¬ 
ing  accounts  by  strengthening  customer  service  and  entering 
new  markets  with  current  products.  Using  this  information, 
the  CIO  can  help  frame  the  business  strategy  so  that  the  ERP 
initiative  is  linked  directly  to  these  goals. 

Now  that  the  CIO  has  captured  the  attention  of  senior 
executives,  she  can  demonstrate  the  fit  between  current 
and  requested  IT  projects,  and  define  a  targeted  IT  portfolio 
and  supporting  governance.  The  “closed-loop”  management 
process  should  focus  on  basics  such  as  ensuring  that  invest¬ 
ments  line  up  with  portfolio  targets,  possess  clear  standards 
for  accountability  and  success,  and  are  monitored  regularly 
via  a  project  dashboard. 

Next,  let’s  discuss  the  stickiness  factor.  Too  often,  value 
management  is  designed  for  the  needs  of  the  enterprise  and 
doesn’t  provide  value  to  the  manager  submitting  the  request 
for  IT  funding.  To  stick,  the  changes  must  benefit  everyone  who 
needs  to  comply.  Managers  will  promote  a  process  that  makes 
it  easier  for  them  to  get  funding  for  strategic  initiatives. 

There  are  several  ways  to  accomplish  this  at  the  technology 
company.  Senior  executives  could  establish  an  experimental 
fund  to  test  new  product  and  service  ideas.  They  might  insti¬ 
tute  a  fast-track  approval  process  for  growth  initiatives.  Or 
they  could  delegate  funds  to  business  unit  or  function  heads 
for  strategically  aligned  process  improvements  that  utilize 
existing  technologies  and  have  a  positive  ROI. 

Now,  let’s  explore  the  law  of  the  few,  which  identifies  an 
organization’s  influencers.  A  mistake  in  catalyzing  change  is 
to  overestimate  the  influence  of  mandates  from  the  top.  Senior 
executives  operating  alone  can  rarely  create  the  grassroots 
support  necessary  for  a  value  management  initiative.  But  by 
tapping  the  right  people  in  the  social  network,  support  will 
build,  provided  the  other  two  laws  are  respected.  The  tech 
company  needs  to  garner  sponsors  for  its  initiative  by  identi¬ 
fying  influencers  in  sales,  marketing  and  customer  support. 

CIOs  pushing  the  rock  of  value  management  uphill  need  to 
reconsider  their  approaches.  By  viewing  value  management 
as  a  change  initiative  and  leveraging  Gladwell’s  laws,  it  is  pos¬ 
sible  for  CIOs  to  accelerate  the  adoption  of  value  management 
practices  and  prove,  once  and  for  all,  that  IT  does  matter. 


Reader  Q&A 


Q:  Why  have  organizations  been  slow  to  embrace  IT 
value  management? 

A:  CIOs  haven’t  been  strong  advocates  of  it,  and  many 
organizations  have  weak  governance  mechanisms.  CIOs 
have  long  understood  proving  IT  value  is  important, 
but  they  have  lacked  practical  approaches  to  making  it 
a  reality  since  many  have  little  experience  in  finance  or 
Six  Sigma  disciplines. 

From  a  governance  perspective,  CEOs  have  expressed 
frustration  about  the  lack  of  understanding  around  IT 
value.  Given  the  magnitude  of  its  costs  and  frustration 
about  delivery,  IT  is  an  easy  target.  In  many  cases,  how¬ 
ever,  there  is  also  a  lack  of  measurement  and  account¬ 
ability  across  the  enterprise. 

It  is  hard  for  CIOs  to  sponsor  a  value  management 
initiative  and  it’s  easy  to  rationalize  a  lack  of  action,  but 
the  times,  they  are  a-changing.  Leading-edge  organiza¬ 
tions  such  as  Intel  are  proving  IT  value  management 
is  real  (see  Intel’s  solution  to  “Calculating  IT  Business 
Value”  at  www.itsharenet.org  under  IT  Management  & 
Finance). 


Have  a  Leadership  Question? 


For  more  reader  questions  and  answers 
from  Susan  Cramm,  go  online  to  www. 
cio.com/leadership. 

cjo.com 


Q:  Can  you  discuss  value  management  from  a  govern¬ 
ment  perspective? 

A:  Some  IT  leaders  think  value  management  is  more 
difficult  in  a  government  setting  because  there  isn’t 
a  P&L  and  therefore  no  financial  definitions  of  value 
beyond  costs.  The  good  news  is,  there  is  little  difference 
between  for-profit  and  nonprofit  approaches  to  IT  value 

management.  The 
approaches  that 
work  focus  on 
the  leading  indi¬ 
cators  to  value. 

These  are  opera¬ 
tional  measures  that  are  relevant  to  the  business  such  as 
customer  satisfaction,  sales  calls,  cycle  time  and  so  on. 
These  measures  can  be  defined  and  measured  regard¬ 
less  of  the  type  of  organization. 

Value  management  implodes  when  organizations  take 
a  purely  financial  view,  because  there  is  not  a  direct  cor¬ 
relation  between  many  investments  and  the  financials 
except  in  the  case  of  cost  cutting,  which  is  no  longer  the 
main  focus  of  IT  investments.  BE! 

Susan  Cramm  is  founder  and  president  of 
Valuedance,  an  executive  coaching  firm 
in  San  Clemente,  Calif.  E-mail  feedback  to 
susan@valuedance.com. 


38  SEPTEMBER  1,  2006  i  www.cio.com 


Fujitsu  PRIMEQUEST™  Servers.  Proven  reliability  to  span  your  enterprise  needs 


J-Syi}?  V~’'< 

- 

Fujitsu  PRIMEQUEST  servers  reflect  our  vast  mainframe  experience  as  well  as  our  deep  commitment 
to  reliability.  With  up  to  32  Intel®  Itanium®  2  Processors  each,  these  powerful,  enterprise-class  servers 
bridge  the  gap  between  the  Microsoft®  Windows®  and  Linux®  applications  you  depend  on  and  the 
mainframe-class  scalability,  performance,  and  reliability  you  need.  Go  to  www.us.fujitsu.com/reliability2 
for  more  information. 


SYSTEM  MIRROR  fault-immunity  transparently 
guards  against  hardware  errors 


FUJITSU 


LOWER  TOO  with  integrated  facilities 
that  simplify  administrative  tasks 


Itanium  2 


THE  POSSIBILITIES  ARE  INFINITE 


inside 


©  2006  Fujitsu  Computer  Systems  Corporation.  Ail  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  FRIMEQUEST  are  trademarks  or  registered  trademarks  of  Fujitsu  Limited  in  the  United  States  and  other  countries,  trite!,  intet  Logo.  Intel  Inside,  Intel 
Inside  Logo,  Itanium,  and  ttanium  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  or  trademarks  of  Microsoft  Corp. 
in  the  United  States  and/or  other  countries.  Linux  is  the  registered  trademark  of  Linus  Torvalds  in  the  U.S.  and  other  countries.  Aft  other  trademarks  mentioned  heren  are  the  property  of  their  respective  owners. 


Cover  Story  |  Staffing 


40 


HooktheTalent 


Th i  ngs  to  do  today  and  tomorrow  to  keep 
your  evolving  IT  department  stocked  with 
the  best  and  most  useful  employees 


Reader  ROI 

::  How  the  evolving  nature  of  IT 
affects  the  workforce 

::  Why  CIOs  need  to  plan  now 
for  the  coming  skills  shortage 

::  Successful  staffing  tactics 


BY  STEPHANIE  OVERBY 


Experienced  IT  professionals  with  broad  technical  competency  and 
working  knowledge  of  both  emerging  technologies  and  legacy  sys- 
top-notch  analytical  and  problem-solving  prowess,  excellent  com¬ 
munication  skills,  and  the  ability  to  work  well  independently  and  as  a  member  of  a  team. 
Must  have  experience  in  business  process  management,  certification  in  project  manage¬ 
ment  and  a  solid  understanding  of  enterprise  architecture.  Customer  service  attitude 
required.  Vendor  management  background  a  plus. 

It’s  no  longer  a  matter  of  debate:  The  nature  of  IT  is  evolving  from  technical  support 
center  to  innovative  business  partner.  And  the  mix  of  skills  needed  to  staff  the  new  IT 
department  is  changing  as  well.  While  technical  proficiency  is  still  important,  CIOs  are 
desperately  seeking  hires  with  project  management  expertise,  enterprise  and  industry 
knowledge,  and  the  business  skills  necessary  for  customer-facing  roles.  Forty-one  per¬ 
cent  of  CIOs  said  they  place  greater  emphasis  today  on  a  job  candidate’s  knowledge  of 
business  fundamentals  than  they  did  five  years  ago,  according  to  a  2006  Robert  Half 
Technology  survey. 

What  is  unclear  is  how  CIOs  will  meet  this  demand.  The  supply  of  business-IT  pro¬ 
fessionals  is  tight.  Enrollment  in  U.S.  computer  science  and  engineering  programs  has 
plunged  five  straight  years,  down  50  percent  from  2000  to  2005,  according  to  the  most 
recent  study  by  the  Computing  Research  Association.  CIOs  complain  that  students  who 
do  pursue  traditional  IT  programs  don’t  get  adequate  exposure  to  soft  skills.  Seasoned 
professionals  with  that  valuable  combination  of  business  and  technology  skills  inch 
nearer  to  retirement.  One-third  of  U.S.  workers  will  be  over  the  age  of  50  by  2010;  the 
first  baby  boomers  reach  retirement  age  in  2011.  Skilled  midcareer  workers,  who  could 


WANTED 

terns.  Should  have 


SEPTEMBER  1,  2006  |  www.cio.com 


PHOTO  BY  MARK  ROBERT  HALPER 


Staffing 


fill  the  gap,  risk  being  ignored  or  underutilized. 

Yet  successful  IT  staffing  is  more  important  than  ever.  “Tal¬ 
ent  is  the  differentiator  between  creating  significant  business 
advantage  with  IT  and  not,”  says  Alastair  Behenna,  CIO  of  global 
recruiter  Harvey  Nash  Group. 

Staffing  pressures  are  affecting  everyone,  from  smaller  busi¬ 
nesses  to  Fortune  500  companies,  nonprofits  to  the  public  sec¬ 
tor,  industry  to  industry.  In  fact,  IT  leaders  ranked  finding,  hiring 
and  retaining  workers  with  the  needed  skill  sets  among  their  top 
staffing  concerns,  according  to  CIO’s  “2006  Midyear  Staffing 
Update.” 


the  big  picture 


“We’re  all  going  after  the  same  talent  pool,”  says  Diane  Wal¬ 
lace,  CIO  for  the  state  of  Connecticut.  “These  issues  are  going  to 
be  with  us  for  a  while,  and  there’s  no  magic  bullet  coming.  CIOs 
have  to  solve  it  for  themselves.” 

A  talent  war  is  brewing,  and  CIOs  cannot  wait  for  the  calvary 
to  ride  over  the  hill  with  the  right  recruits.  “You’re  going  to  be 
in  trouble  if  you’re  not  working  to  interest  kids  in  IT,  to  recruit 
them  out  of  the  university,  to  develop  your  own  employees  and 
retain  them,”  says  GM  CIO  and  group  VP  Ralph  Szygenda. 

To  win,  CIOs  must  arm  themselves  by  taking  significant 
steps  to  ease  today’s  staffing  squeeze  and  lay  the  groundwork 
for  tomorrow’s  growth.  Prepare  your  own  battle 
plan  by  studying  the  tactics— some  old,  some 
new— employed  by  forward-looking  CIOs. 


2006  Midyear  Staffing  Update 

CIO's  survey  of  269  IT  executives  reveals  their  current 
and  future  staffing  needs,  what  they’re  doing  to  retain  and 
motivate  employees,  where  they're  spending  limited  training 
dollars,  and  what  their  worries  are  as  they  stand  on  the  cusp 
of  a  fundamental  shift  in  IT— and  IT  staffing.  For  details,  see 
the  charts  here  and  on  the  following  pages. 

The  Crunch  Continues 

For  the  second  straight  year,  the  majority  of  IT  leaders  indicated 
their  staffs  were  stretched  thin. 

How  would  you  describe  your  current 
staffing  environment? 

Inadequately  staffed  66% - • 

Adequately  staffed  31% - • 


Overstaffed  2% 


NOTE:  Numbers  do  not  add  up  to  100%  due  to  rounding. 


What  Keeps  CIOs  Up  at  Night? 


While  CIOs  remain 
most  concerned 
about  the  demands 
being  placed  on 
their  staffs,  skills 
shortages  and 
worries  about  the 
future  weren’t  far 
behind. 


What  are  your  top  concerns  regarding 
your  IT  staff  in  2006? 

Demanding  workloads/Burnout  57% 

Finding  and  hiring  needed  skill  sets  53% 

Determining  IT  skills  mix  in  2-5  years  43% 

Retaining  needed  skill  sets  35% 

Low  morale/Motivating staff  28% 


NOTE:  Respondents  chose  three. 


5 


CIO  RESEARCH 


things 
to  do  today 

O  Reth ink  Hiring  Practices 

An  alarming  disconnect  exists  between  what 
CIOs  claim  to  want  in  entry-level  candidates  and  the 
skill  sets  of  those  they  actually  hire.  Business  capa¬ 
bilities  and  project  management  expertise  repre¬ 
sented  eight  of  the  top  10  skills  identified  as  critical 
to  keep  in-house,  according  to  a  recent  survey  by  the 
Society  for  Information  Management  (SIM).  How¬ 
ever,  the  majority  of  respondents  primarily  sought 
technical  skills  in  entry-level  recruits. 

Why  the  incongruity?  CIOs  who  have  spent  years 
looking  for  technical  proficiency  may  have  trouble 
adjusting  their  hiring  practices  to  net  candidates 
with  business  and  IT  skills.  “This  is  new  territory. 
We  know  what  to  look  for  in  pure  IT  roles  that  have 
comfortable  certifications,  job  titles  and  descriptions 
to  measure  against,”  says  Harvey  Nash’s  Behenna. 
“[These  new  roles]  are  still  in  their  infancy.” 

Chris  Stockley,  CIO  and  VP  of  $4.2  billion  build¬ 
ing  contractor  Skanska,  wants  employees  with  a 
customer  service  mind-set  who  excel  at  commu¬ 
nication  and  collaboration.  “Technical  proficiency 
is  something  we  look  for,”  he  says,  “but  it’s  the  last 
criteria  we  care  about.” 

Stockley  uses  various  tactics  to  tease  out  business 
skills  in  candidates  after  their  initial  HR  screening 
and  interview.  For  instance,  all  potential  hires  must 
give  a  presentation  about  anything.. .except  IT  or  the 
construction  industry.  “The  content  is  irrelevant. 
I’ve  seen  presentations  on  everything  from  how  to 
bake  chocolate  chip  cookies  to  how  to  shoot  pool,” 
says  Stockley.  “The  issue  is  how  they  communicate 
and  [how  they]  handle  a  stressful  situation.” 


42  SEPTEMBER  1,  2006  |  www.cio.com 


To  tease  out  their  business  skills 
Skanska  CIO  Chris  Stockiey 

puts  potential  IT  hires  through 
a  simulated  customer  service 


A  handful  of  IT  employees,  the  hiring  manager  and  one  of  a 
rotating  group  of  senior  executives  sit  in  on  the  presentations. 
Candidates  could  find  themselves  explaining  how  to  fold  a  nap¬ 
kin  to  the  CEO.  It’s  not  a  pass-fail  assignment;  one  of  Stockley’s 
best  directors  of  customer  service  bombed  her  first  time  out.  She 
won  the  position  by  asking  for  another  shot  and  turning  her 
performance  around. 

“You  may  uncover  some  not-so-positive  characteristics.  It 
doesn’t  mean  you  don’t  hire  someone,  but  you  know  the  areas 
of  potential  concern.  You’ve  had  a  positive  conversation  about 
improving  their  skills  before  they’re  even  an  employee,”  he  says. 


Stockiey  then  puts  job  candidates  through  a  simulated  customer 
service  exercise.  A  potential  member  of  the  infrastructure  team  may 
have  to  communicate  a  technical  issue  to  a  businessperson  face-to- 
face.  “We  look  at  how  well  they  settle  down  the  customer.  Or  how 
well  they  provide  a  nontechnical  description  of  a  technical  issue,” 
says  Stockiey.  “We  put  everyone  through  it.” 

Q  Collaborate  with  HR  and  Recruiters 

CIOs  tend  to  be  do-it-yourselfers,  says  Katherine  Spencer 
Lee,  executive  director  of  Robert  Half  Technology.  That  can  be  a 
problem  when  it  comes  to  staffing.  “They  don’t  take  advantage  of 


PHOTO  BY  JEFFREY  MCCULLOUGH 


www.cio.com  |  SEPTEMBER  1,  2006  43 


Staffing 


theblfi[picture 


all  the  resources  at  their  disposal.”  says  Lee.  Human  resources 
professionals  and  recruiters  can  be  the  CIO’s  best  friend,  she 
says.  But  for  that  relationship  to  bear  fruit,  CIOs  must  make  time 
to  convey  their  staffing  needs. 

GM’s  Szygenda  recruits  mostly  midlevel  and  senior-level 
employees  for  project  management,  business  liaison  and  vendor 
management  positions.  The  hardest  slots  to  fill  are  his  ‘‘process 
information  officer”  roles,  which  require  a  solid  IT  background 
and  strong  business  operations  experience.  “Finding  those 
people  is  getting  harder  and  harder,”  says  Szygenda.  “And  the 
recruiters  bring  us  the  same  people  over  and  over.” 

His  solution?  Meeting  with  recruiters  regularly.  “They  have  a 
lot  of  clients.  They  go  to  whoever  screams  the  loudest,”  he  says. 
“We  set  aside  time  to  meet  with  them  every  week  and  put  pressure 
on  them  to  come  back  with  someone  outside  their  database.” 

Skanska’s  Stockley  invites  recruiters  to  IT’s  annual  vendor 
event,  where  he  shares  his  group’s  recent  accomplishments  and 
three-vear  plan.  “We  may  not  specifically  say,  ‘In  three  years, 
we’ll  need  this  particular  skill  set,”’  he  explains.  “But  this  way 
they  not  only  understand  our  hiring  processes  but  they  also 
know  what’s  coming  in  the  marketplace.” 

At  the  most  recent  event,  Skanska  highlighted  its  new  focus 
on  application  integration  and  its  need  for  project  managers  with 
application  integration  experience  and  for  business  process  ana¬ 
lysts.  “The  recruiters  started  sending  us  viable  candidates  before 
we  had  even  opened  a  rec  for  any  positions,”  says  Stockley. 

A  Bring  Back  Bonuses  and 
Other  Benefits 

Retention  wasn’t  a  problem  during  the  economic  downturn. 
“The  job  market  was  so  bad  that  CIOs  said,  ‘Nobody’s  going  to 
go  looking  around,”’  says  Kate  Kaiser,  the  Marquette  Univer¬ 
sity  associate  professor  who  led  the  SIM  study.  That’s  no  longer 
true.  Bureau  of  Labor  Statistics  data  shows  tech  employment 
above  its  2001  hiring  peak,  with  3.5  million  U.S.  IT  professionals 
employed  today.  A  healthy  job  market  is  bad  news  for  CIOs  who 
aren’t  working  to  retain  their  best  and  brightest. 

“Incentives,  special  compensation  programs  and  signing 
bonuses  are  more  of  a  requirement  today,”  says  Szygenda,  who 
finds  himself  offering  more  money  to  attract  and  retain  employ¬ 
ees.  “We  didn’t  have  to  do  any  of  that  a  few  years  ago.” 

GM  declined  to  elaborate  on  its  compensation  tactics.  However, 
average  IT  compensation  will  rise  4  percent  this  year,  according 
to  Forrester.  But  salary'  increases  can  vary  wildly  from  job  to  job. 
Workers  in  roles  vulnerable  to  automation  or  outsourcing,  such 
as  call  center,  applications  maintenance  and  technical  support, 
may  actually  see  their  pay  decline,  says  Forrester.  Those  with 
skills  in  service-oriented  architecture,  business  process  reengi¬ 
neering  and  project  management,  where  demand  for  workers 
outstrips  supply,  will  see  double-digit  salary  growth. 

Not  everyone  has  money  to  throw  at  the  problem.  Larry  Bon- 
fante,  CIO  of  the  U.S.  Tennis  Association,  a  $220  million  non¬ 
profit,  vies  for  talent  with  Manhattan’s  financial  services  firms. 
“J.R  Morgan  is  a  half-hour  train  ride  away,  and  they  pay  twice 


Who  You’re  Hiring  and 
What  Skills  You’ll  Need 

What  level  employee  are  you  hiring? 

Entry-level  26% - • 

Midlevel  44% - — • 

Senior-level  31% - • 

NOTE:  Numbers  do  not  add  up  to  100% 
due  to  rounding 

IT  leaders  anticipate  a  leap  in  the  need  for  senior- 
level  skills  such  as  business  process  management, 
database  management,  program  management, 
enterprise  architecture  and  strategy  in  the  next  two 
to  five  years. 


Business  skills 

Hiring 

currently 

Outsource 

currently 

Will  need 
(in2-5yrs.) 

Project/program 

management 

23% 

17% 

60% 

Business  analysis 

22% 

11% 

53% 

Relationship  man¬ 
agement  (internal) 

12% 

4% 

39% 

IT  finance 

8% 

8% 

28% 

Strategist/Internal 

consultant 

7% 

9% 

40% 

IT  HR 

6% 

10% 

21% 

Vendor  management 

4% 

5% 

27% 

Technology  skills 

Hiring 

currently 

Outsource 

currently 

Will  need 
(in2-5yrs.) 

Application 

development 

36% 

47% 

52% 

Business  process 
management 

17% 

9% 

55% 

Systems  analyst 

17% 

10% 

39% 

Helpdesk/ 

Usersupport 

16% 

19% 

32% 

Database 

management 

14% 

19% 

49% 

Enterprise  architect 

14% 

12% 

41% 

Networking 

12% 

16% 

32% 

QA/Testing 

12% 

17% 

28% 

Web  services 

10% 

26% 

33% 

Website 

development 

10% 

33% 

30% 

Security 

9% 

14% 

42% 

NOTE:  Respondents  chose  three 


CIO  RESEARCH 


44  SEPTEMBER  1,  2006  I  www.cio.com 


now 


Wireless  email 


is  a  business  tool, 
not  a  perk. 


Give  your  employees  the  tool  to  keep  them 
connected  even  when  they're  out  of  the  office. 
Give  them  Cingular's  real-time  wireless  email  and 
watch  productivity  skyrocket.  Give  them  now. 


>  Solutions  are  easy  to  implement  and  scalable  to 
meet  a  business's  growing  needs. 

>  Triple  data  encryption  ensures  critical  information 
stays  secure. 

>  24/7  customer  support  for  worry-free  service. 

>  From  the  #1  provider  of  wireless  email  for  business. 

>  Runs  on  ALLOVER7  the  largest  digital  voice  and 
data  network  in  America. 


CINGULAR  8125 


CINGULAR  MAKES  BUSINESS  RUN  BETTER 


Call  1-866-4CWS-B2B  Click  www.cingular.com/wirelessemail  Contact  your  account  representative 


X.  cingular 

raising  the  bari.iill 


The  ALLOVER  network  covers  over  273  million  people  and  is  growing.  Coverage  not  available  in  all  areas.  Certain  email  systems  may  require  additional  hardware  and/or  software  to  access. 

©2006  Cingular  Wireless.  All  rights  reserved. 


Staffing 


the  biff  picture 


as  much,”  says  Bonfante.  To  compete, 
he  plays  up  the  excitement  surround¬ 
ing  the  USTA  and  its  collegial  atmo¬ 
sphere.  “We  try  to  create  a  context  that 
people  find  more  attractive.” 

His  most  valuable  perk?  Flexibility. 

“We  don’t  chew  people  up  and  spit 
them  out  like  the  financial  services 
industry,”  says  Bonfante.  “That’s 
compelling  to  a  lot  of  people.”  It’s  how 
he  attracted  two  of  his  best  directors, 
both  women  with  small  children. 

“We  allow  people  to  work  from  home 
and  provide  flexible  hours  for  many 
staff,”  says  Bonfante.  “I’m  not  a  clock 
watcher.  I’m  interested  in  results.  If 
you  have  to  leave  early  to  go  to  a  ballet 
recital,  God  bless.” 

A  third  of  IT  workers  said  they 
value  a  flexible  work  schedule  more 
than  other  nontraditional  benefits, 
according  to  the  “2006  Compensation 
and  Benefits  Report”  by  Hudson  High¬ 
land  Group.  “Employees  are  more  will¬ 
ing  to  forgo  additional  cash  in  order  to 
have  a  more  improved  work-life  bal¬ 
ance,”  says  Peg  Buchenroth,  Hudson 
Highland  Group’s  managing  director 
of  compensation  and  benefits. 

Flextime  is  also  the  most  common 
benefit  used  to  motivate  or  retain  IT 
workers,  according  to  CIO’s  staffing 
survey,  with  61  percent  of  organiza¬ 
tions  employing  it. 

Q  Get  Creative  About  Training 

Another  benefit  IT  professionals  value  is  job-related  train¬ 
ing,  according  to  the  Hudson  report.  But  training  budgets  got 
slashed  during  the  downturn,  and  bringing  them  back  remains 
challenging.  Some  CIOs  have  coped  by  finding  creative  ways  to 
fund  training. 

Connecticut  CIO  Wallace  needed  business-savvy  staff  with 
good  communication  and  negotiation  skills  to  market  IT-busi- 
ness  solutions  to  internal  customers.  To  cultivate  these  talents 
in-house,  she  sacrificed  an  upgrade  to  her  project  management 
software  and  funneled  that  $11,000  into  a  customized  four- 
day  training  program  developed  with  a  local  college.  “We  can 
upgrade  the  application  next  year,”  says  Wallace.  “What  good 
is  a  software  upgrade  anyway,  if  you  don’t  have  the  right  skills 
to  pull  it  off?” 

CIO  Alan  Boehme  takes  a  different  tack  at  Juniper  Networks, 
a  $2  million  router  manufacturer  that  competes  with  the  likes 
of  Cisco.  Boehme  tracks  all  the  money  IT  generates  or  saves  the 
business  and  reinvests  a  percentage  in  professional  develop¬ 


TrainingDays 

Respondents  spent  an  average 
of  7%  of  their  2006  IT  budget  on 
training  in  a  variety  of  business 
and  technology  skills. 

What  kinds  of  training  are  you 
spending  on? 

Application  development  51% 
Project/program  management  49% 
Security  40% 

General  leadership  35% 

Database  management  32% 
Networking  30% 

Business  process  management  27% 
Enterprise  architecture  26% 

Web  services  19% 

Business  analysis  17% 


ment,  such  as  funding  staff  training  at  the 
Project  Management  Institute.  “We  make 
the  case  that  a  portion  be  used  in  IT  for 
training  and  education  in  order  for  us  to 
become  more  operationally  proficient  and 
able  to  deliver  future  benefits  to  the  busi¬ 
ness  faster,”  he  says. 

Others  take  a  do-it-yourself  approach. 
Harrah’s  CIO  Tim  Stanley  came  from  com¬ 
panies  that  valued  training  and  offered 
robust  corporate  programs.  At  the  gam¬ 
ing  giant,  he  developed  his  own  program 
to  cover  business  and  technical  subjects 
ranging  from  finance  to  data  architecture. 
The  program  was  developed  by  in-house 
staff  who  had  subject  area  expertise  and 
some  background  in  training. 

For  advanced  training,  he’s  called  on 
his  vendors  to  help  by  building  into  their 
contracts  a  number  of  prepaid  training 
hours.  Tibco,  for  example,  offers  training 
on  everything  from  basic  technology  to 
advanced  architecture  training.  But  Stan¬ 
ley  insists  vendors  do  it  onsite  and  within 
the  context  of  Harrah’s  systems.  He  also 
works  with  other  third  parties  to  offer 
online  certifications  for  his  staff. 

A  Launch  Business-IT 
Rotation  Programs 

Harrah’s  Stanley  knows  the  benefit  of 
employee  give-and-take  with  the  busi¬ 
ness.  He  rotates  about  20  percent  of  his 
IT  staff  annually  into  different  roles  in  the  department  or  the 
business,  sometimes  during  a  project.  He  also  actively  recruits 
IT-savvy  business  staffers  from  local  properties  and  corporate 
business  functions.  The  business  doesn’t  protest.  “We’ve  given 
more  than  our  fair  share,”  says  Stanley.  “Marketing  and  opera¬ 
tions  pilfered  from  us  for  years  because  IT  folks  have  functional 
knowledge  and  orientation  in  logic.” 

Stanley  attracts  businesspeople  to  IT  by  selling  them  on  driv¬ 
ing  change.  “They  think  it’s  pretty  cool,  and  they  know  it  won’t 
preclude  them  from  going  back  out  into  the  business,”  he  says. 
One  employee  from  the  strategic  database  marketing  group  who 
left  to  work  as  a  property  director  for  Harrah’s  has  returned  to 
IT  as  director  of  enterprise  business  intelligence.  That  broader 
exposure  makes  it  easier  for  employees  to  see  how  IT  and  the  busi¬ 
ness  fit  together. 

However,  CIO’s  staffing  survey  found  only  11  percent  of  respon¬ 
dents  offer  job  rotation  programs.  That’s  a  missed  opportunity. 

“I  believe  in  rotation  programs,”  says  Wallace,  who’s  introduc¬ 
ing  them  in  Connecticut.  She’s  particularly  high  on  short-term 
job  swapping.  As  vice  president  of  IT  at  CNA  Financial,  she  had 
the  IT  and  business  manager  on  a  project  switch  roles  for  three 


CIO  RESEARCH 


46  SEPTEMBER  1,  2006  |  www.cio.com 


TATA 


WHERE  DO  7  OF  THE  TOP  10  FORTUNE®  100 
TURN  FOR  THEIR  I.T.  NEEDS? 

TO  THE  BIGGEST  I.T.  COMPANY  YOUVE  PROBABLY  NEVER  HEARD  OF... 


Presenting  Tata  Consultancy  Services,  TCS,  the  creator  of  the  Network  Delivery  Model  for 
software  development.  For  over  35  years  TCS  has  been  the  provider  of  choice  for 
hundreds  of  customers  around  the  globe,  including  seven  of  the  top  ten  FORTUNE*  100 
companies.  TCS,  with  revenues  of  $2.97  billion  in  FY  2005/06,  serves  its  customers  with 
over  63,000  expert  associates  from  53  countries  around  the  globe,  including  10,000 
employees  in  50  locations  throughout  the  U.S. 

It's  time  you  got  to  know  the  biggest  I.T.  company  you've  probably  never  heard  of.  For  a 
more  complete  introduction,  email  marketing@usa-tcs.com  or  visit  us  online  at 
www.tcs.com. 


TATA  CONSULTANCY  SERVICES 


I.T.  Services  /  Business  Solutions  /  Outsourcing 


rc  2006  Tata  Consultancy  Services  Ltd.  All  rights  reserved.  Tata  Consultancy  Services  and  the  Tata  Consultancy  Services  logo  are  registered  trademarks  of  Tata  Consultancy  Services  ltd. 


Staffing 


months.  “It  worked  well.  They  were 
both  job  swapping  temporarily,  so  they 
had  an  interest  in  the  other  being  suc¬ 
cessful,”  says  Wallace.  “It  also  helped 
us  identify  people  from  the  business 
that  we  eventually  sucked  into  IT.” 

Wallace  also  fosters  a  business-cen¬ 
tric  environment  to  nurture  such  skills 
in  her  IT  staff.  “If  there’s  an  application 
development  effort,  I  don’t  have  them 
measure  success  by  whether  it  came 
in  on  time,  on  budget  and  according  to 
spec.  I  insist  they  take  it  a  step  further 
and  add  business  metrics.” 

Each  member  of  her  technical  staff 
is  devoted  to  a  specific  internal  cus¬ 
tomer.  As  they  learn  more  about  the 
customer’s  business  objectives,  Wal¬ 
lace  encourages  workers  to  share 
knowledge  during  monthly  IT  staff 
meetings. 


5 


You’re  going  to 
be  in  trouble  if 
you’re  not work¬ 
ing  to  interest 
kias  in  IT,  to 
recruit  them 
out  of  the 
university,  to 
develop  your 
own  employ¬ 
ees  and  retain 
them.” 

-GM  CIO  RALPH  SZYGENDA 


things 
to  do  for  tomorrow 

Q  Go  Backto  School 

Kevin  Gallagher  cringes  when  CIOs  complain  that  recent 
computer  science  grads  aren’t  exposed  to  business  principles. 
“I  have  to  say,  Ahem,  I  teach  information  systems  in  a  business 
school,”’  says  Gallagher,  assistant  professor  of  Management  of 
Information  Systems  at  Florida  State  University’s  College  of 
Business.  “We  teach  students  about  project  management,  com¬ 
munication  and  leadership.” 

CIOs  need  to  quit  complaining  about  college  IT  programs  and 
get  involved  in  shaping  their  future  workforce,  says  Stephen  Pick¬ 
ett,  SIM  president  and  CIO  and  VP  of  trucking  company  Penske. 
“I  encourage  any  CIO  to  work  with  their  local  university  to  make 
sure  they’re  developing  the  kind  of  individuals  they  need,”  he  says. 
Pickett  himself  helped  introduce  new  business  classes  to  the  techni¬ 
cal  programs  of  two  universities.  He  suggests  CIOs  get  involved  in 
undergraduate  computer  science  as  well  as  in  master’s  programs  in 
information  systems  and  IT  divisions  of  business  schools. 

CIO  support  is  the  key  to  such  efforts.  For  example,  GM’s 
Szygenda  sits  on  the  board  of  Carnegie  Mellon  University.  He 
also  helped  create  an  online  master’s  pro¬ 
gram  there  to  offer  technology  training 
to  business  professionals  including  GM 
employees.  “The  model  we’re  trying  to 
create  everywhere  is  to  turn  out  profes¬ 
sionals  who  have  both  the  technical  and 
the  business  training,”  he  says. 


Drill  Into  the  Data 


For  a  more  in-depth  look  at  CIO  magazine’s 

2006  MIDYEAR  STAFFING  UPDATE,  includ¬ 
ing  a  list  of  top  skills  by  region,  go  to  www 

cio.com/090106.  CIO-COITI 


In  an  international  twist,  Szygenda 
is  jump-starting  similar  efforts  with 
universities  in  countries  where  GM 
does  business,  such  as  China,  India, 
Russia  and  Brazil.  Technical  programs 
in  these  countries  are  top-notch,  says 
Szygenda,  but  business  education 
within  them  is  practically  nonexistent. 
So  he’s  introduced  GM  IT’s  Skills  for 
Success  business  training  in  local  lan¬ 
guages. 

Q  Spread  the  Gospel  of 
IT  Careers 

Connecticut’s  Wallace  values  business 
savvy  in  her  employees.  However,  “not 
everyone  in  IT  has  those  skills,”  she  says. 
So  she  actively  recruits  from  the  business 
community.  “I  know  IT  can  be  a  very 
attractive  place  for  them  if  I  market  it 
correctly,”  says  Wallace.  “I  tell  them  that 
the  great  thing  about  IT  is  that  it’s  one  of 
the  few  places  in  any  organization— from 
state  government  to  the  private  sector— that  touches  every  impor¬ 
tant  project  going  on  in  the  business.” 

Wallace  pitches  business  recruits  on  the  chance  to  get  involved 
with  large,  strategic  projects  across  all  the  state’s  divisions  instead 
of  working  on  one  initiative  in  a  non-IT  department.  Her  market¬ 
ing  mantra?  “You  don’t  need  to  know  how  to  code.” 

Smart  CIOs  are  also  preaching  to  the  next  generation  of  work¬ 
ers.  It’s  not  just  a  goodwill  effort.  Hands-on  marketing  by  tech¬ 
nology  leaders  is  critical  to  counteract  the  bad  rap  IT  jobs  have 
gotten.  “Students  think  all  IT  jobs  are  being  offshored,  and  they 
make  the  mistake  of  thinking  that  outsourcing  and  offshoring 
are  synonymous,”  says  Pickett.  “You  can  clear  that  up,  and  it’s 
very  exciting.” 

Wallace  also  goes  on  campus  in  her  efforts  to  get  the  word  out. 
“I  encourage  students  to  take  certain  courses— project  manage¬ 
ment,  negotiating,  communications— that  will  help  them  strad¬ 
dle  the  IT-business  fence,”  she  says. 

Spreading  the  good  news  of  technology  opportunities  may 
have  to  start  even  younger.  “There’s  much  more  work  to  do  in 
the  K-12  environment  to  encourage  math  and  science,”  says  Phil 
Zwieg,  VP  of  IS  of  Northwestern  Mutual.  “The  numbers  there 
are  depressing,  particularly  with  girls.”  (For  more  on  K-12  IT 
education,  see  “Computer  Education’s  Failing  Grade,”  Page  18.) 

For  some  years  now,  Zwieg’s  IT  HR  team  has  worked  with  a  local 
high  school  to  set  up  IT  career  days  and 
help  with  class  development.  “HR  organi¬ 
zations  know  there  are  challenges  coming 
in  the  next  five  to  10  years,”  he  says.  “It’s 
important  to  continue  to  reach  out  to  high 
school  communities.” 

Continued  on  Page  52 


48  SEPTEMBER  1,  2006  |  www.cio.com 


You  don't  face  the  same 
project  and  resource 
management  challenges 
as  everyone  else.  So 
why  use  one-size-fits-all 
software? 

Only  Primavera  has  a  complete  range  of  industry-specific, 
collaborative  project,  resource  and  portfolio  management 
solutions  for  your  unique  business  needs.  We’re  currently 
helping  companies  around  the  world  successfully  manage 
their  projects  and  resources,  even  in  the  most  complex 
regulatory  and  compliance  environments.  We  can  help 
you  do  the  same.  Whatever  your  challenges,  you  can  rely 
on  one  name  for  the  right  solution.  And  that’s  Primavera. 

PRIMAVERA 


vhy  Primavera  was  named  a  PPM  Market  Leader 
ng  independent  analyst  firm. 
.primavera.com/PPMWave  today! 


ADVERTISING  SUPPLEMENT 


Next  Generation  IT 

Insights  The  Business 

Value  of 
Innovation 


finte 

Core'2. 

Duo 


BUSINESS  LEADERS  have  critical  needs, 
hey  want  to  improve  business  processes, 
duce  costs  and  grow  their  customer  rela- 
onships. 

One  of  the  greatest  obstacles  to  achiev- 
g  these  goals  is  managing  the  large  num- 
rs  of  desktop  PCs  used  by  employees, 
ticularly  relative  to  security  concerns, 
deed,  businesses  today  are  affected  by 
increasing  economic  and  security  threats 
ranging  from  malicious  viruses  to  identity 
theft.  These  situations  have  made  system 
management  a  real  challenge. 

But  all  that  is  changing,  now.  Desktop 
PCs  with  Intel®  vPro™  technology  offer 
previously  unavailable  security  and  man¬ 
ageability  capabili¬ 
ties — even  when  they 
are  powered  off  or 
when  their  operating 
system  is  down.1 

Indeed,  Intel 
vPro  technology  is 
nothing  less  than  a 
revolutionary  shift 
in  desktop  PCs,  with 
built-in  manageabil¬ 
ity,  strengthened  se¬ 
curity,  and  energy-efficient  performance. 

Intel  vPro  technology  will  deliver  these 
benefits  starting  in  September  through 
broad  collaborations  with  industry-leading 
software  leaders  and  IT  outsourcers,  and 
with  support  from  PC  system  manufactur¬ 
ers  around  the  world. 

Inside  Intel®  vPro™  Technology 

In  much  the  same  way  that  Intel®  Cen- 
trino™  mobile  technology  brought  added 
— >>  value  to  the  mobile  market,  Intel 
(Intel/  vPro  technology  offers  business 
IT  a  competitive  edge  by  build¬ 
ing  in  breakthrough  innovations 


Intel®  vPro™ 
technology 
improves 
management 
services  from  the 
hardware  on  up 


At  the  heart  of  the  Intel®  vPro™ 
technology-based  PCs  is  the  dual¬ 
core  Intel®  Core™  2  Duo  processor. 


ADVERTISING  SUPPLEMENT 


Global  Services  Giant  looks  to 
Intel®  vPro™  technology 

EDS  is  a  leading  global  technology  services  company  that  pioneered  the 
information  technology  outsourcing  industry  more  than  40  years  ago.  Today, 
EDS  delivers  a  broad  portfolio  of  information  technology  and  business  process 
outsourcing  services  to  clients  in  the  manufacturing,  financial  services, 
healthcare,  communications,  energy,  transportation,  and  consumer  and  retail 
industries  and  to  governments  around  the  world. 

Recently,  EDS  investigated  new  hardware-based  capabilities  that  are  built 
into  PCs  with  Intel®  vPro"  technology.  EDS  concluded  that  these  capabilities 
could  significantly  improve  remote  inventory,  management,  security,  and 
update  tasks,  especially  for  PCs  that  are  powered  down,  whose  operating 
system  is  not  working,  or  which  do  not  have  management  agents  installed. 

In  PCs  with  Inter  vPro,H  technology,  virtualization  capabilities  are  built 
into  system  hardware.  These  capabilities  deliver  a  tamper-resistant  platform 
on  which  a  dedicated  virtual  appliance  can  function.  EDS  now  has  the  option  of 
using  an  isolated,  tamper-resistant  space  from  which  to  service  an  inoperative 
user  OS.  Third-party  vendors  are  already  using  this  dedicated  OS  to  build 
virtualized  manageability  and  security  applications  for  business  PCs. 

EDS  is  now  expecting  to  use  the  embedded  capabilities  built  into  these  PCs 
with  Inter  vPro™  technology  to  achieve  greater  visibility  into  its  customers’ 
assets,  from  initial  deployment  through  the  life  of  their  business  agreements. 
This  will  help  EDS  streamline  and  automate  more  processes,  improve  service- 
level  agreements,  reduce  manual  inventories,  and  increase  service  offerings  to 
customers. 

For  more  information  about  EDS  and  Intel  vPro  technology:  Visit  http://www.mtel. 
com/vpro/  for  all  the  details  and  additional  resources 


and  technologies  to  help  get  the  most 
out  of  resources  and  shrinking  IT  bud¬ 
gets. 

At  the  heart  of  the  Intel®  vPro™ 
technology-based  PCs  is  the  dual-core 
Intel®  Core™  2  Duo  processor.2  This 
next-generation,  64-bit  microarchi¬ 
tecture  provides  amazing  gains  in  per¬ 
formance — improving  responsiveness 
and  productivity  at  the  same  time  that 
it  offers  the  potential  to  reduce  power 
consumption. 

But  there  is  much  more  to  Intel  vPro 
technology  than  having  the  world’s 
best  processor.2  It  contains  technology 
that  is  the  future  of  the  digital  office, 
with  critical  capabilities  not  found  in 
previous  generations  of  business  PCs  or 
software-only  solutions.  With  Intel  vPro 
technology,  you  can  manage  desktops 
that  are  powered  down  or  whose  OS 
is  inoperable — all  with  full  support  for 
Microsoft  Windows  Vista  Premium. 
With  Intel  vPro  technology,  you  can 
spend  less  time  managing  your  PCs  and 
more  time  focusing  on  strategic  busi¬ 
ness  initiatives. 

And  Intel  vPro  technology  delivers 
a  new  level  of  security  and  efficiency 
that  can  reduce  total  cost  of  ownership 
(TCO).  For  example,  it  means  you  can 
readily  detect  and  locate  PCs  on  the 
network  even  if  they  are  powered  down 
or  do  not  have  a  functioning  agent. 
What’s  more,  you  can  remotely  fix  PCs 
even  if  the  OS  is  down,  automatically 
detect  changes  in  manageability  and 
security  software,  and  immediately  re¬ 
mediate  security  vulnerabilities  to  keep 
your  environment  more  secure.  Intel 
vPro  technology-based  PCs  enable  you 
to  easily  wake  PCs,  with  greater  security 
than  alternatives  like  Wake  on  LAN. 

Intel  vPro  technology-based  PCs — 
with  built-in  manageability,  strength¬ 
ened  security,  and  energy-efficient 
performance — will  also  include  Intel’s 
latest  integrated  graphics.  That  means 
they  can  provide  performance  for  main¬ 
stream  business  applications  and  will 
be  capable  of  delivering  the  full  array 
of  graphics  interface  features  in  the 
forthcoming  Microsoft  Windows  Vista 
Premium  operating  system. 


Accelerating  Business  Success 

The  bottom-line  benefits  of  Intel  vPro 
technology  include  safer,  better  man¬ 
aged  infrastructure  and,  as  EDS  dis¬ 
covered,  more  accurate  asset  inventory 
and  improved  end-of-lease  inventories 
as  well  as  the  ability  to  remotely  repair 
PCs.  In  short,  the  most  crucial  result 
is  that  PCs  will  truly  begin  to  be  more 
manageable.  Intel  vPro  technology 
works  with  leading  software  solu¬ 
tions  to  deliver  built-in  manageability, 
strengthened  security,  and  energy-ef¬ 
ficient  performance.  Free  up  resources 
for  innovation — shift  your  focus  from 
PC  management  to  accelerating  busi¬ 
ness  success  with  Intel  vPro  technology. 

For  more  information  about  this  and 
other  key  “next-generation”  technologies, 
visit  the  Next-Generation  IT  web  site: 
www.nextgenitinsights.com. 


1  Intel®  Active  Management  Technology  requires 
the  platform  to  have  an  Intel®  AMT-enabled  chipset, 
network  hardware  and  software,  connection  with  a 
power  source  and  a  network  connection. 

2  For  more  information  on  why  Intel®  Core™2  Duo 
processors  are  the  world’s  best  overall  processors, 
please  visit  www.intel.com/core2duo. 

Intel,  the  Intel  Logo,  Intel  vPro,  Intel  Core,  and  Centrino  are  trademarks  or 
registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United 
States  and  other  countries.  Other  names  and  brands  may  be  claimed  as 
the  property  of  others.  EDS  and  the  EDS  logo  are  registered  trademarks  of 
Electronic  Data  Systems  Corporation.  EDS  is  an  equal  opportunity  employer 
and  values  the  diversity  of  its  people.  ©  2006  Electronic  Data  Systems 
Corporation.  All  rights  reserved. 


Staffing  Continued  from  Page  48 


theblRpicture 


Business  training  39% 


Management  training  33% 


He  worked  on  an  initiative  last 
month  cosponsored  by  Marquette 
University,  the  Wisconsin  chapter 
of  SIM  and  the  city  of  Milwaukee. 

Nearly  500  juniors  and  seniors 
from  local  public  high  schools  who 
were  summer  interns  for  area  firms 
and  the  city  itself  were  treated  to  a 
day  on  campus,  including  lunch. 

More  than  20  companies  and  col¬ 
leges  set  up  booths  and  interac¬ 
tive  exhibits  to  encourage  student 
interest  in  IT  degrees  and  jobs.  It’s 
a  new  effort,  but  Zwieg  believes  it 
will  result  in  more  enrollment  in 
science,  technology,  engineering 
and  math  programs. 

CIOs  may  be  disinclined  to  spend 
their  already  limited  time  with 
young  students  because  there’s  no 
near-term  ROI,  says  Marquette 
University’s  Kaiser.  But  long-term 
benefits  could  be  big.  “You  can  get 
to  some  of  these  kids  who  would 
never  even  think  about  going  to  col¬ 
lege,  let  alone  go  into  IT,  and  open 
up  their  eyes  to  the  possibilities,” 
says  Kaiser. 

o  Invest  in  Interns 

Juniper’s  Boehme  is  a  big 
believer  in  internships.  Interns 
are  on  the  job  at  Juniper’s  offices 
in  Sunnyvale,  Calif.;  a  similar  pro¬ 
gram  launches  in  Europe  this  fall. 

They’re  not  all  the  usual  suspects: 

One  is  studying  journalism  and  has 
taken  charge  of  the  IT  newsletter. 

The  program  required  investment 
in  training  and  management  over¬ 
sight,  but  Boehme  says  it  pays  for 
itself.  “It  costs  a  lot  less  than  bring¬ 
ing  in  contractors  to  do  the  same 
work,”  he  says.  “At  the  same  time, 
we  are  able  to  build  a  future  pipe¬ 
line  of  potential  candidates  for  full¬ 
time  positions.” 

Boehme  is  in  the  minority.  Intern¬ 
ship  programs  seem  like  a  win-win  for  CIOs— eager  young  minds 
for  cheap— but  an  effective  program  that  benefits  both  the  intern 
and  the  organization  takes  significant  investment  with  no  guaran¬ 
tee  of  a  good  return.  As  a  result,  according  to  CIO’s  annual  staffing 
survey,  only  13  percent  of  IT  leaders  have  an  internship  program 
in  place  today. 


Valuable  Retention  Tools... 
and  Missed  Opportunities 

Many  respondents  said  they  offer  important 
benefits  and  motivators  like  flexible  hours, 
recognition  programs  and  technical  training. 
But  only  a  fraction  offered  equally  valuable 
programs  such  as  internships,  job  rotation 
programs,  formal  mentoring  and  family  care 
assistance. 

What  do  you  offer  to  motivate  or 
retain  IT  staff? 

IT  training  63% 

Flextime/Flexible  working  hours  61% 

Recognition  programs/Employee  awards  49% 
Comp  days  41% 


Hiring  bonus  20% 


Stock  options  19% 


Formal  mentoring  18% 


Relocation  financial  assistance  16% 


Internships  13% 


Job  rotation  programs  11% 


Retention  bonus  10% 


Day  care/Elder  care  assistance  8% 


Sabbaticals  6% 


Harrah’s  Stanley  is  a  fan  of  graduate 
school  recruiting  but  initially  resisted 
investing  in  an  undergraduate  intern¬ 
ship  program.  “I  wrestled  with  it,”  he 
says.  “Young  people  flip-flop  quite  a 
bit  before  they  figure  out  what  they 
really  want  to  do.” 

Growing  concern  about  the  future 
supply  of  IT  workers  changed  his 
mind.  “Kids  are  coming  out  of  school 
without  the  skills  necessary  to  be 
productive,”  he  says.  “They  may 
be  brilliant  at  code,  but  they’re  not 
coming  out  fully  experienced  for 
customer-facing  roles.” 

Harrah’s  IT  internship  program  is 
now  in  its  third  year,  with  15  under¬ 
graduate  students  and  one  graduate 
student  on  board.  Each  has  an  area 
of  interest,  from  project  manage¬ 
ment  to  security.  Stanley  seeks  out 
students  with  a  good  academic  track 
record  and  extracurricular  projects 
related  to  their  major.  They  intern 
for  one  or  two  years. 

“The  program  has  grown  25  per¬ 
cent  year  over  year,  and  our  reten¬ 
tion  rate  is  very  high,”  says  Stanley. 
Between  20  percent  and  50  percent 
of  interns  have  gone  on  to  accept  jobs 
at  Harrah’s.  The  program  takes  man¬ 
agement  energy  and  time  but  interns 
who  are  later  hired  are  ready  to  hit 
the  ground  running.  “There’s  no  tell¬ 
ing  whether  or  not  they’ll  get  restless 
here  at  the  five-  or  six-year  point,” 
says  Stanley.  “But  I’m  encouraged.” 

ft  Blaze  New 
Career  Paths 

A  big  concern  for  students  and  tech¬ 
nology  professionals  alike  is  the 
shape  career  paths  will  take  as  IT’s 
staffing  needs  evolve.  “Beyond  start¬ 
ing  out  as  a  programmer  and  ending 
up  as  a  CIO,  they  have  no  idea,”  says 
FSU’s  Gallagher. 

In  fact,  most  CIOs  are  struggling 
with  this.  “It’s  not  as  clear  as  it  once  was  when  you  went  from 
programmer  to  analyst  to  systems  analyst  to  project  analyst 
to  project  manager  to  manager,”  says  Zwieg  of  Northwestern 
Mutual.  “We  haven’t  quite  figured  it  out.” 

Even  as  CIOs  sort  it  out,  some  are  taking  tangible  steps  to 
make  career  progression  less  of  a  mystery. 


CIO  RESEARCH 


52  SEPTEMBER  1,  2006  |  www.cio.com 


i  i.;  i.  *  .  .  ,  " 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LETS  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s 
Information  Availability.  It’s  what  your  employees,  suppliers 
and  customers  demand  every  minute  of  every  day.  But  to 
deliver  it  flawlessly,  you  need  a  massive  global  infrastructure, 
redundant  systems  and  diverse  networks  being  monitored 
and  supported  by  skilled  technical  experts  at  secure  facilities. 
That’s  exactly  what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and 
save  your  company,  on  average,  25%*  versus  building  the 
infrastructure  yourself.  Plus,  it’s  a  vendor  neutral  solution  that 
lets  you  control  your  data,  applications  and  network  while 
giving  you  the  flexibility  to  adjust  to  the  changing  needs  of 


your  business.  But  best  of  all,  it  lets  you  spend  more 
time  solving  business  problems  and  less  time  solving 
technical  problems. 

For  years,  companies  around  the  world  have  turned  to 
SunGard  to  restore  their  systems  when  something  went 
wrong.  So,  it’s  not  surprising  that  they’re  now  turning  to 
us  to  mitigate  risk  and  make  sure  they  never  go  down 
in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up 
and  running.  We  want  the  same  thing.  Let’s  get  together. 


‘Potential  savings  based  on  IDC  White  Paper,  Ensuring  Information  Availability: 
Aligning  Customer  Needs  with  an  Optimal  Investment  Strategy. 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected 1™ 


TO  LEARN  MORE,  CONTACT  US  AT  1-800-468-7483  OR  GO  TO  WWW.AVAILABILITY.SUNGARD.COM/MASTERIA 
AND  GET  YOUR  FREE  COPY  OF  THE  BOOK  “MASTERING  INFORMATION  AVAILABILITY.” 


Staffing 


Talent  is  the  differentiator 
between  creating  significant 
business  advantage  with 
IT  and  not.” 

-ALASTAIR  BEHENNA,  CIO,  HARVEY  NASH  GROUP 


Wallace  is  hampered  by  the  rigid  career 
paths  defined  by  the  state  of  Connecticut— a 
developer  must  progress  on  the  develop¬ 
ment  path;  it  is  difficult  to  move  horizontally 
or  upward  into,  say,  an  architecture  role.  Yet, 
creating  new  opportunities  is  key  to  reten¬ 
tion,  she  says.  “IT  people  are  job  hopping, 
and  if  you  don’t  provide  them  a  way  to  move 
ahead  they  will  leave.” 

So  Wallace  asks  every  employee  where 
she  wants  to  be  in  two  years  and  creates  a  development  plan  to 
help  get  her  there.  A  supervisor  reviews  the  plan  quarterly  with 
the  employee  as  part  of  performance  evaluations.  Wallace  says  it 
is  too  soon  to  talk  about  outcomes  but  notes  that  this  tactic  made 
it  easier  promote  more  from  within  and  reduced  turnover  when 
she  used  it  at  previous  employers.  It’s  a  smart  move.  IT  workers 
are  more  likely  to  walk  out  because  they  see  no  opportunities  for 
advancement  than  for  any  other  reason,  according  to  Hudson 
Highland  Group’s  “2005  Retention  Initiatives  Report.” 

If  you  can’t  offer  prized  employees  a  promotion  or  more  inter¬ 
esting  work,  say  some  CIOs,  you  might  help  them  find  a  larger 
role  outside  the  organization.  “The  biggest  issue  I  have  is  career 
progression  at  the  senior  level,”  says  the  USTA’s  Bonfante.  “For 
some,  the  only  thing  they  can  aspire  to  is  me  getting  hit  by  a  bus 
in  the  parking  lot.” 

Bonfante  naturally  offers  upwardly  mobile  employees  more 
compensation  and  responsibility.  But  at  a  certain  point,  it’s  up  or 
out.  So  he  sometimes  uses  his  connections  to  help  them  find  new 
jobs.  It’s  beneficial  all  around.  The  employee  moves  into  a  bigger 
role  (albeit  at  a  different  company),  an  opportunity  opens  up  within 
IT,  and  inevitably  it  leads  to  referrals  from  the  worker  you  helped. 
“I’ve  found  that  good  karma  comes  around,”  says  Bonfante. 

o  Get  Serious  About 
Knowledge  Retention 

For  some  CIOs,  the  solution  to  their  staffing  worries  may  be  sit¬ 
ting  just  down  the  hallway.  But  few  have  truly  thought  ahead 
about  how  to  keep  veteran  workers  and  their  wealth  of  knowl¬ 
edge  from  walking  out  the  door. 

With  the  boomer  generation  fast  approaching  retirement,  CIOs 
need  to  put  such  tactics  in  place  to  retain  valued  employees.  “More 
of  that  is  going  to  be  needed,”  says  Northwestern  Mutual’s  Zwieg, 
who  retires  this  year.  “There  are  different  ways  to  deal  with  the 
more  mature  worker:  modified  work  schedules,  different  benefit 
packages,  consulting  opportunities.” 

Retention  of  senior  staff  is  top  of  mind  for  Wallace:  Half  of  her 
IT  department  is  eligible  for  retirement  between  2008  and  2010. 
And  she’s  got  a  load  of  legacy  technology  work  that  was  never  fully 
documented.  To  keep  those  workers  in  the  fold,  Wallace  makes  sure 
they  get  the  same  training,  recognition  and  reward  opportunities 
as  everyone  else.  Midcareer  workers  and  those  approaching  retire¬ 
ment  are  sometimes  overlooked  by  managers  dazzled  by  younger 
hires  with  the  latest  skills.  This  lack  of  attention  can  lead  to  poor 
morale,  a  decline  in  productivity  and  an  exodus  of  older  workers. 


“You  want  every  employee  to  be  motivated  right  up  until  the 
day  they  go,”  says  Wallace.  “They  may  even  defer  their  retire¬ 
ment  and  hang  around  a  little  longer.” 

Mentoring  programs  can  also  be  an  effective  tool  to  encourage 
knowledge  sharing  across  generations.  However,  only  18  percent 
of  organizations  offer  formal  programs,  according  to  CIO’s  staff¬ 
ing  survey. 

Creating  an  effective  mentoring  process  isn’t  easy.  And  it 
shouldn’t  be  a  one-way  street.  A  good  program  is  not  just  about 
making  sure  older  workers  who  understand  Cobol  pass  on  that 
knowledge.  Older  workers  are  often  interested  in  learning  from 
their  mentees.  “They  get  excited  about  learning  about  Java,”  says 
Marquette’s  Kaiser.  “They  like  the  challenge.  And  they  want  to 
learn  new  skills  themselves.” 

Stanley  just  conducted  a  two-year  pilot  mentoring  program 
at  Harrah’s.  “We  found  that  employees  who  had  good  experi¬ 
ences  working  with  a  team  or  supervisor  were  better  employees 
overall,”  says  Stanley. 

He  says  those  who  participated  also  came  away  from  the  pro¬ 
gram  with  a  stronger  sense  of  career  growth.  “We  get  the  biggest 
juice  out  of  it  at  the  midlevel,”  notes  Stanley.  These  are  work¬ 
ers  who  “may  have  thought  they  have  to  go  into  management  to 
move  up.  Now  they  realize  they  can  move  up  on  another  track.” 

Retraining  and  redeployment  can  also  help  experienced  work¬ 
ers  gain  new  skills  and  rekindle  their  passion.  Harvey  Nash’s 
Behenna  has  successfully  retrained  midlevel  employees  in  a 
host  of  new  areas.  “The  best  success  stories  have  been  where  we 
moved  people  from  operational  roles  into  project  management. 
We  even  took  a  member  of  the  finance  team  and  turned  him  into 
a  senior  IT  manager  with  profoundly  technical  responsibility,” 
says  Behenna.  “Anything  is  possible.  You  just  have  to  know  your 
people,  keep  an  open  mind  and  develop  their  strengths.  But  it’s 
an  investment.” 

Behenna  also  offers  a  range  of  new  work  environments  to 
keep  people  in  IT  longer,  and  it’s  not  just  for  those  approaching 
their  golden  years.  He’s  made  arrangements  such  as  three-day 
workweeks  with  adjusted  compensation  and  benefits  to  keep 
valuable  employees  who  might  otherwise  have  burned  out  and 
left  his  company— and  the  IT  field— altogether. 

“We  have  several  variations  of  this  issue  for  people  on  the 
cusp  of  leaving,  and  it’s  not  just  age-related,”  says  Behenna.  “It’s 
working  out  well.”  QQ 


Senior  Editor  Stephanie  Overby  can  be  reached  at  soverby@cio.com. 


54  SEPTEMBER  1,  2006  |  www.cio.com 


ADVERTISEMENT 


EXECUTIVE 

VIEWPOINT 


CIO  EXECUTIVE  VIEWPOINT 

Windows  vs.  Linux:  Perspectives  on  Reliability 


Ryan  Gavin 

Director  of  Platform  Strategy  at  Microsoft 

Ryan  Gavin  is  the  director  of  platform  strategy  at  Microsoft®  and  has  been 
with  the  company  for  eight  years,  working  with  developers  and  IT  profes¬ 
sionals  in  a  number  of  capacities.  Ryan’s  primary  focus  is  helping  customers 
and  partners  evaluate  IT  platform  investment  decisions. 


What  are  the  most  important  factors 
that  customers  consider  when 
choosing  a  server  operating  system? 

While  there  are  many  factors  that  cus¬ 
tomers  take  into  consideration,  a  few 
consistently  bubble  up  to  the  top  regard¬ 
less  of  the  customer’s  size  or  the  impor¬ 
tance  of  the  workload:  reliability,  total 
cost  of  ownership  (TCO)  and  security. 
These  criteria  actually  encompass  many 
attributes:  for  example,  system  reliabil¬ 
ity  depends  on  the  manageability  of  the 
platform,  the  skills  and  processes  estab¬ 
lished  by  the  IT  organization,  and  the 
level  of  complexity  of  the  workload,  all 
of  which  impact  the  system’s  TCO.  The 
important  point  here  is  that  by  basing 


ability,  which  better  reflects  the  system’s 
long-term  cost  and  benefits  to  the  orga¬ 
nization. 

Across  these  real-world  customer 
scenarios,  how  do  Windows®  and 
Linux  compare  on  reliability? 

Well,  you  should  consider  the  specifics 
of  the  workload,  as  well  as  the  IT  staff 
skills  and  applications  in  the  organiza¬ 
tion.  That  said,  third-party  research 
comparing  both  platforms  provides 
reference  points  to  help  us  better  under¬ 
stand  how  Windows  and  Linux  compare 
across  many  workloads  and  customer 
environments.  There  was  some  good 
work  done  recently  by  Security  Innova¬ 


"VeriTest  recently  concluded  that  Windows  is  37  percent 

faster  to  update  and  reconfigure  than  Linux, 
which  hits  at  the  heart  of  a  reliable  platform" 


their  platform  decisions  on  evaluations  of 
system  reliability,  TCO  and  security,  cus¬ 
tomers  will  make  thoughtful,  pragmatic 
choices  that  contribute  to  long-term  IT 
and  business  success. 

Reliability  is  often  referred  to  as  sim¬ 
ply  uptime,  but  you  seem  to  define  it 
much  more  broadly.  How  specifically 
do  customers  think  about  reliability? 

In  general,  customers  define  a  reliable 
platform  as  easy  to  configure  and  main¬ 
tain,  predictable  (especially  with  evolving 
business  requirements),  and  available 
to  end  users.  In  a  lab  environment,  it  is 
easy  to  narrowly  define  reliability  based 
strictly  on  uptime,  reboots,  etc.,  but  in 
real-world  scenarios,  customers  take  a 
x'icher,  more  comprehensive  view  of  reli¬ 


tions  showing  that  Linux  administrators, 
on  average,  require  69  percent  more 
time  than  Windows  administrators  to 
maintain  and  manage  their  operating 
environment.  There  are  a  number  of 
other  studies  along  the  same  lines — for 
example,  VeriTest  recently  concluded 
that  Windows  is  37  percent  faster  to  up¬ 
date  and  reconfigure  than  Linux,  which 
hits  at  the  heart  of  a  reliable  platform. 

In  addition  to  research  from  analysts, 
customers  have  evaluated  the  platforms 
and  drawn  conclusions  for  themselves. 
The  State  of  Illinois’  director  of  the 
Department  of  Central  Management 
Services,  Paul  Campbell,  has  come 
right  out  and  said,  “We  don’t  have  time 
for  science  projects — state  government 


needs  trusted,  tested  technology  that’s  re¬ 
liable  and  predictable  and  helps  us  seive 
our  constituents  efficiently  and  cost-ef¬ 
fectively.  Our  solution  based  on  Microsoft 
technology  is  saving  us  $10.5  million 
over  five  years  in  software  costs  alone.’ 

Where  can  customers  evaluating 
platforms  go  to  get  more  information? 

White  papers,  third-party  research, 
case  studies  and  more  can  be  found  at 
Microsoft’s  Get  the  Facts  site,  www. 
getthefacts.com.  There,  customers  can 
access  information  on  reliability,  TCO, 
security,  indemnification,  interoperabil¬ 
ity,  and  performance  of  the  Windows 
Server™  System  vs.  Linux. 

For  More  Information: 

Check  out  this  white  paper, 
“Reliability:  Analyzing  Solution 
Uptime  as  Business  Needs  Change,” 
by  Herbert  H.  Thompson,  Ph.D., 
on  behalf  of  Security  Innovation,  at 
www.cio.com/wbitepapers/microsoft 

Microsoft 


Custom  Publishing 


Security 


1 


The 


Partnership 

Where  do  the  boundaries  between  IT  and 
security  begin  and  end?  Who’s  responsible  for  what? 
How  do  you  decide?  When  it  works,  the  relationsh  ip 
between  CIO  and  CSO  can  be  a  beautiful  thing. 

BY  MICHAEL  GOLDBERG 


TriWest  Healthcare  Alliance  counts  on  John  Pontrelli  to  work  effectively 
with  his  technology  colleagues  to  provide  health  care  to  2.8  million  members 
of  the  U.S.  military  and  their  families  in  21  states.  As  VP  and  CSO,  Pontrelli’s 
responsibilities  cover  both  physical  security  and  information  security,  and  he 

has  found  it  imperative  to  form  a  tight  working  rela¬ 
tionship  with  his  CIO,  Rick  Green.  Pontrelli,  a  corpo¬ 
rate  security  expert  at  Microsoft  and  W.L.  Gore  before 
joining  TriWest  three  years  ago,  spoke  to  CIO  sister 
publication  CSO’s  managing  editor,  Michael  Goldberg, 
about  the  partnership  he  has  formed  with  his  CIO. 


Reader  ROI 

::  How  Hand  security  can  divvy 
up  responsibilities 

::  How  a  good  CIO-CSO  relation¬ 
ship  can  improve  performance 

::  Why  audit  is  a  naughty  word 


56  SEPTEMBER  1,  2006  |  www.cio.com 


PHOTO  BY  WAYNE  RAINEY 


Michael  Goldberg:  In  the  past,  you’ve 
described  TriWest  as  being  an  informa¬ 
tion  systems-dependent  company. 

What  does  that  mean? 

John  Pontrelli:  TriWest  is  in  21  states, 
basically  the  left  side  of  the  United  States, 
including  Hawaii  and  Alaska.  We  have 
over  120  locations,  and  they  are  all  con¬ 
nected  via  WAN  to  our  corporate  data 
center  in  Phoenix.  Most  of  our  sites  are 
on  military  installations,  so  we  have  to 
coordinate  with  the  military  when  we 
come  in  to  set  up  our  routing/switching 
equipment,  as  well  as  bringing  in  the 
phone  lines.  We  house  two  or  three  major 
applications  that  our  people  hit  from  all 
the  21  states  to  retrieve  data  and  to  input 
data.  We  have  a  lot  of  data  traversing  our 
21-state  region  at  any  given  time;  we  also 


push  our  VoIP  over  our  wide  area  net¬ 
work.  Our  entire  company  is  VoIP,  and 
our  security  systems  also  ride  over  our 
network,  so  our  network  stays  busy. 

That’s  a  good  segue  into  the  relationship 
you  have  with  your  CIO,  Rick  Green.  Could 
you  describe  the  nature  of  that  relationship 
and,  in  a  business  like  yours,  what  makes 
the  relationship  important? 

Rick  and  I  both  started  at  TriWest  approx¬ 
imately  three  years  ago.  He  came  in  to 
redefine  the  IT— not  only  the  infrastruc¬ 
ture  but  the  applications— and  we  had  just 
been  awarded  a  new  bid  from  the  Depart¬ 
ment  of  Defense.  He  had  a  huge  challenge 
in  front  of  him. 

I  was  hired  a  few  months  after  he 
came  on  board.  One  of  the  conversations 


we  had  was  around  security  and  IT.  My 
proposal  was  that  information  security 
should  reside  in  my  department,  primar¬ 
ily  to  free  him  up  to  focus  on  connectivity, 
availability  and  support  in  the  businesses 
but  also  because  implementing  all  of  the 
security  requirements  that  the  DoD  had 
levied  upon  us  was  somewhat  unmanage¬ 
able.  We  agreed  right  there,  from  the  very 
beginning,  that  that’s  how  we  were  going 
to  set  it  up  and  run  it. 

The  other  agreement  we  had  was  (and  I 
think  this  is  a  big  selling  point)  that  I  don’t 
audit  his  environment,  I  assess  it.  When 
we  are  assessing  the  security  posture  of 
our  routers,  switches,  databases,  servers 
and  desktops,  whatever  we  find,  we  share 
[that  information]  with  IT,  so  it’s  a  collab¬ 
orative  effort.  We  then  address  any  issue, 
whether  it’s  a  technical,  procedural  or  a 
person  issue.  If  something  has  bubbled  up 
to  the  point  where  it  needs  Rick’s  attention, 
I  meet  with  Rick.  We  meet  once  a  month, 
regardless,  to  go  over  a  list  of  things  we 
want  to  talk  about,  but  both  of  our  doors 
are  open  to  each  other  if  we  ever  want  to 
talk  about  technology  or  security.  We  pop 
in  on  each  other  all  the  time. 

There’s  a  lot  of  discussion  nowadays 
about  auditing  systems  and  procedures. 
You’re  emphasizing  assessment  as  a 
means  of  collaborative  communication. 
What’s  the  difference? 

I’m  a  big  fan  of  the  word  assessment-,  I 
don’t  like  the  word  audit.  It  carries  nega¬ 
tive  connotations;  it  separates;  it  creates 
an  adversarial-type  atmosphere  even  if 
there’s  a  collaborative  effort  going  on.  We 
never  use  the  word  audit  within  security 
and,  in  reality,  we’re  not  auditing.  We  have 
vulnerability  analysis  tools  that  allow  us 
to  scan  our  entire  environment,  from  the 
inside  as  well  as  the  outside.  We  do  this 
against  a  set  of  security  policies  that  we 
have  received  from  the  government  for  a 
certain  security  posture  that  we  need  to 
maintain  in  order  to  hold  onto  our  secu¬ 
rity  accreditation.  When  we’re  doing  these 
scans,  IT  is  aware  of  it.  They’re  always 
waiting  for  the  results  because  they  want 
to  know— just  as  much  as  security  wants 
to  know  if  the  environment,  application 


www.cio.com  |  SEPTEMBER  1,  2006  57 


Security 


or  network  is  not  meeting  requirements— 
because  they  want  to  get  it  where  it  needs 
to  be.  We’re  assessing,  we’re  collaborating, 
and  together  we  maintain  a  very  high  secu¬ 
rity  posture  at  TriWest  that  I  think  both 
Rick  I  are  very  proud  of. 

Is  there  a  loop  to  close  after  the 
assessment  to  see  that  changes, 
fixes  or  improvements  are  carried 
forward?  Is  that  handled  by  your 
group  or  the  CIO’s? 

It  depends  upon  whether  it’s  a  tech¬ 
nical,  procedural  or  people  issue. 

Our  scanning  goes  on  continually 
(we  have  a  set  scanning  schedule) 
so  if  the  issue  is  still  there  when  we 
go  back  and  scan  again  we  notify 
IT.  Most  times,  IT  tells  us  if  they’re 
going  to  be  able  to  fix  it  and  in  what 
period  of  time.  There’s  always  rea¬ 
sons  why  things  aren’t  where  they 
need  to  be,  but  the  good  part  is  we  all 
communicate  very  well  and  we’re  all 
on  the  same  page. 

From  my  perspective,  a  security 
perspective,  and  probably  from 
Rick’s  perspective  as  well,  the  last  thing  we 
want  to  do  is  be  surprised.  It’s  the  unknown 
that  really  keeps  me  awake  at  night. 

How  did  you  and  your  CIO  identify  the 
boundaries  between  security  and  IT. 

The  boundary  conversation  was  part  of  the 
initial  conversation  Rick  and  I  had  where 
we  agreed  that  it  made  sense  for  me  to  have 
information  security.  Some  of  the  typical 
security  toolsets  that  IT  was  either  looking 
at  or  was  using  moved  over  to  the  corporate 
security  team.  Some  of  the  more  traditional 
security  items,  which  can  also  be  called  IT 
items,  we  had  more  in-depth  conversations 
on,  such  as  firewall  management. 

For  example,  sometimes  the  firewall  is 
viewed  as  a  security  tool  and  other  times 
it’s  viewed  as  a  networking  or  routing  tool. 
My  initial  thought  was  perhaps  security 
should  oversee  the  firewall  so  we  could 
validate  the  firewall  rule  set,  do  our  assess¬ 
ing  and  make  sure  all  the  configurations 
were  correct.  The  response  to  that  was  like, 
“Well  John,  what  happens  if  someone  calls 
you  at  midnight  because  they  can’t  get  into 
the  network  and  they  need  you  to  open  up  a 


port?  Are  you  going  to  take  care  that?”  And 
I  said,  “No,  we  don’t  have  that  infrastruc¬ 
ture.  We’re  not  ready  to  be  a  24/7  customer 
support  for  connectivity  and  availability.” 
So  it  made  sense  for  an  item  like  that  to  stay 
within  IT  because  IT  is  accessible  24  hours 
a  day  to  help  our  business  customers. 


What  we  do  on  the  backside  is  collaborate 
to  make  sure  that  the  security  configura¬ 
tion,  process  and  policy  for  the  company  is 
in  place  and  being  followed. 

That  communication  must  carry  over  into 
new  kinds  of  operations  that  you  have  to 
implement. 

It  does.  We  recently  implemented  wireless. 
We’d  been  running  wireless  in  a  test  envi¬ 
ronment  for  over  a  year,  and  we  wanted 
to  put  it  into  production.  We  worked  with 
the  DoD  to  validate  our  security  posture 
and  configuration  for  our  wireless.  We  had 
multiple  meetings  between  security  and  IT, 
and  we  brought  in  an  outside  party  to  make 
sure  we  weren’t  missing  anything  and  that 
the  configurations  were  where  they  needed 
to  be.  Part  of  that  process  was  who’s  going 
to  write  the  policy  for  wireless,  what  kind 
of  forms  are  we  going  to  have  end  users 
fill  out,  who  is  going  to  oversee  the  con¬ 
figuration  and  who  is  going  to  monitor  the 
intruder  detection  for  wireless?  All  of  those 
pieces  needed  to  be  discussed  up  front  and 
agreed  to,  which  we  did.  We  implemented 
it,  and  we’re  happy  to  say  that  we  feel  very 


"I'm  a  big  fan  of  the 
word  assessment; 

I  don't  like  the  word 
audit.  It  carries  negative 
connotations;  it  separates; 
it  creates  an  adversarial- 
type  atmosphere  even  if 
there’s  a  collaborative  effort 

going  OP!.”  -John  Pontrelli 


good  about  our  wireless  implementation. 

You  make  the  point  that  the  relationship 
you  have  with  your  CIO  leads  to  both  higher 
expectations  and  higher  performance. 

Yes.  If  Rick  is  focused  on  connectivity, 
availability  and  making  sure  that  our  busi¬ 
ness  units  are  up  and  running,  and 
that’s  his  core  focus,  then  there’s  a 
pretty  high  expectation  set  there. 
Conversely,  the  same  holds  true 
on  the  security  side  around  confi¬ 
dentiality,  integrity  and  all  of  the 
things  we’re  doing  around  compli¬ 
ance  and  validating  that  our  sys¬ 
tems,  applications  and  everything 
are  configured  and  hardened  to  the 
level  they  need  to  be.  Now  it’s  very 
clear  to  the  senior  leadership  in  the 
company  who’s  in  charge  of  which 
area,  and  if  there’s  an  issue  in  one  of 
those  areas  they  know  where  to  go. 
It  creates  a  sense  of  accountability, 
a  sense  of  clarity  and,  I  think,  a  set 
of  higher  expectations. 

I 

What  do  you  think  is  the  most 
important  thing  for  CIOs  or  CSOs  to  think 
about  in  terms  of  their  relationship  with 
their  counterpart  in  security  or  in  IT? 

I  think  the  sooner  organizations  can  create 
that  collaborative  working  relationship 
between  the  CIO  and  the  CSO,  the  sooner 
the  organization  will  benefit.  Start  that 
relationship  and  set  some  of  the  areas  of 
responsibility  and  begin  meeting  on  a 
regular  basis.  I  learn  so  much  from  Rick 
every  time  I  meet  with  him.  At  the  same 
time,  he  knows  I’m  going  to  bring  to  him 
anything  that  I  see  securitywise.  We  col¬ 
laborate  well.  It  makes  going  to  work  every 
day  very  easy.  BE] 


CSO  Managing  Editor  Michael  Goldberg  can  be 
reached  at  mgoldberg@cxo.com. 


The  First  (and  Last)  Word  on  Security 


To  keep  up  to  date  with  everything  that’s 
going  on  in  the  parlous  and  ever-changing 
world  of  enterprise  information  security,  read 
Alarmed,  a  column  by  Senior  Editors  Scott 
Berinato  and  Sarah  D.  Scalet  (from  sister 
publication  CSO).  To  find  it,  go  to  www2.cio 
.com/research/security/alarmed.html. 


58  SEPTEMBER  1,  2006  |  www.cio.com 


How  paper  from  Oberkirch  reaches  the 
four  comers  of  the  globe.  Without  interruption 

The  Koehler  Group  in  Oberkirch,  Germany  is  one  of  the  world's  largest  makers  of  specialty 
paper,  used  to  make  everything  from  airline  tickets  to  Pokemon  cards.  Managing  their 
output  takes  continuous  24/7  production-and  HP  Integrity  servers  with  Intel  Itanium  2 
processors.  "We  produce  and  ship  over  1,500  tons  of  paper  each  day.  A  moment  of 
downtime  means  production  must  stop,”  says  Bruno  0.  Schwelling,  CFO.  "Itanium-based 
HP  Integrity  systems  have  virtually  eliminated  that  fear.”  itanium-integrity.com 


ITANIUM  +  INTEGRITY.  ON  AND  ON  AND  ON 


SL  LLLLIU-Ui...  - 

.  1:  _ 

n 

lam 

I  M  I1  i  atfl 

PI 

Km.'  1 

Mid-Market  Supply  Chain 


Supply  chain  software  has  been 
considered  too  risky  and  important 
to  be  hosted  by  outsiders.  That  is,  until 
you  consider  the  risks  and  expense  of 
installing  and  supporting  it  yourself. 

BY  MERIDITH  LEVINSON 


THREE  YEARS  AGO, 

Kawasaki  Motors  Corp.  USA  had  some  unhappy  dealers  on  its  hands.  The  $1.5  billion 
manufacturer  of  motorcycles,  ATVs  and  water  scooters  couldn’t  get  the  products  into 
showrooms  when  the  dealers  wanted  them— for  example,  water  scooter  deliveries  prom¬ 
ised  in  early  spring  arrived  too  early,  when  the  snow  was  still  falling.  As  a  result,  Kawa¬ 
saki  had  to  offer  discounts  and  rebates  to  drive  sales  in  the  off-season,  which  ate  into  the 
company’s  margins,  according  to  Roger  Peterson,  Kawasaki’s  vice  president  of  informa¬ 
tion  systems. 

The  reason  Kawasaki  couldn’t  get  the  right  prod¬ 
ucts  to  its  dealers  at  the  right  time  was  because,  like 
many  small  and  midsize  companies,  it  lacked  the 
technology  for  precise  collaboration  and  exchange 
of  demand  forecasts  with  its  parent  company, 

Kawasaki  Heavy  Industries,  which  manufactures 
I  the  products  that  Kawasaki  distributes  to  its  deal¬ 

ers.  The  cost  of  developing  and  maintaining  tradi- 


Reader  ROI 

::  How  the  security  of  hosted 
software  has  improved 

::  Why  the  hosted  model  may 
be  the  only  option  for  midsize 
IT  shops 

::  What  considerations  are  impor¬ 
tant  in  the  decision  to  buy 


60  SEPTEMBER  1,  2006  |  www.cio.com 


tional  supply  chain  applications  is  too  high 
for  Kawasaki,  which  spends  just  over  $10 
million  a  year  on  business  applications  and 
IT  infrastructure.  Peterson  estimates  that 
deploying  similar  software  in-house  would 
have  cost  several  million  dollars  and  sev¬ 
eral  years  of  effort.  So  in  early  2004,  Peter¬ 
son  began  looking  at  hosted  supply  chain 
collaboration  applications  that  ran  on  the 
vendor’s  computers  and  that  his  company 
could  access  over  the  Internet,  through  a 
Web  browser. 

Early  Risk 

While  so-called  hosted  or  on-demand  soft¬ 
ware  was  making  waves  in  the  CRM  space 
at  the  time,  it  was  nearly  unheard  of  in  sup¬ 
ply  chain  offerings.  Beth  Enslow,  Aberdeen 
Group’s  senior  vice  president  of  enterprise 
research  who  authored  a  study  this  spring 
on  hosted  supply  chain  applications,  says 
concerns  about  data  getting  lost  or  stolen 
and  system  reliability  prevented  compa¬ 
nies  from  entrusting  their  mission-critical 
supply  chain  activities  to  third  parties. 

Peterson  of  course  considered  the  issue  of 
security  and  reliability  of  the  hosted  systems 
he  was  evaluating.  “I  had  to  wrestle  with  the 
concern  about  putting  our  supply  chain 
application  out  with  a  third  party  over  the 


Internet.  That’s  our  family  jewels,”  he  says. 

But  Peterson  had  another,  larger  concern: 
Kawasaki’s  three  main  competitors— Honda, 
Harley-Davidson  and  Yamaha— which  are 
respectively  two  and  a  half  (Honda  and 
Harley)  and  one  and  a  half  times  larger  than 
Kawasaki— all  have  much  more  sophis¬ 
ticated  supply  chain  software  infrastruc¬ 
tures.  “We’re  not  one  of  the  big  dogs.  We’re 
one  of  the  smaller  players.  We’re  competing 
with  people  who  have  more  resources,  more 
people,  more  dollars  than  we  do,  yet  we  have 
all  the  same  problems,”  he  says.  So  Peterson 
decided  to  take  a  gamble  on  a  hosted  collab¬ 
orative  supply  chain  planning  application 
from  Mitrix,  which  his  company  deployed 
in  June. 

Today,  a  Viable  Solution 

Evaluating  hosted  supply  chain  manage¬ 
ment  software— whether  for  collaborative 
planning,  forecasting  or  transportation 
management— is  much  less  of  a  hand- 
wringing  experience  for  CIOs  today  than 
it  was  a  few  years  ago  due  to  the  business 
model  evolving  and  advances  in  technol¬ 
ogy.  Analysts  say  the  do-or-die  concerns 
about  security  have  largely  dissipated 
because  vendors  have  beefed  up  their 
firewalls,  intrusion  detection  systems 
and  encryption  techniques.  “Security  is  a 
baseline  requirement,”  says  Bill  McNee, 
founder  and  CEO  of  Saugatuck  Technology. 
“Whereas  that  was  more  of  a  concern  two 
to  three  years  ago,  virtually  all  software- 
as-a-service  players  have  overcome  that.” 
Consequently,  companies  large  and  small 
are  increasingly  using  hosted  software  to 
automate  and  run  core  business  activities 
such  as  supply  chain  management. 

The  same  factors  that  drove  companies  to 
embrace  hosted  CRM— easier  and  speedier 
implementations,  faster  time  to  benefits  and 
knowing  you’ll  always  be  on  the  most  current 
version  of  the  application  since  the  vendor  is 
responsible  for  upgrades— are  pushing  them 
to  adopt  hosted  software  for  such  aspects  of 
supply  chain  management  as  forecasting, 
collaborative  planning,  inventory  visibility 
and  transportation  management. 

Still,  the  hosting  option  should  not  be 
considered  lightly,  especially  if  you’re 
thinking  about  using  it  for  something  as 


critical  as  your  supply  chain.  Though  the 
security  situation  has  improved,  CIOs  still 
need  to  vet  the  vendors  for  proper  security 
procedures  and  monitor  their  adherence  to 
them.  And  the  issues  of  software  reliability 
and  integration  that  can  make  or  break  an 
in-house  implementation  are  no  less  impor¬ 
tant  when  the  software  is  hosted  by  an  out¬ 
sider.  In  fact,  those  concerns  about  security, 
reliability  and  ease  of  integration  are  even 
more  acute  in  the  supply  chain  world  where 
more  parties  need  to  connect. 

Read  on  for  examples  of  how  two  compa¬ 
nies  weighed  those  various  considerations. 

CONSIDERATION  1: 

Security 

At  a  time  when  hacking  is  the  new  favor¬ 
ite  pastime  of  teenagers,  companies  have 
legitimate  fears  about  keeping  their  data 
in  a  hosted  software  vendor’s  systems, 
because  they  have  no  direct  control  over 
those  systems.  Past  positive  experience 
using  an  application  service  provider 
helped  Kawasaki’s  Peterson  overcome 
his  concerns  about  his  company  sharing 
its  production  plans  with  its  manufactur¬ 
ing  parent  company  through  a  third-party 
over  the  Internet.  He  says  his  previous 
experience  using  an  ASP,  which  forced 
him  to  bone  up  on  SSL  protocol,  public- 
key  infrastructure  and  two-factor  authen¬ 
tication,  helped  him  determine  whether 
Mitrix’s  security  infrastructure  and  poli¬ 
cies  would  be  adequate.  Also,  knowing  the 
information  his  company  would  be  sharing 
would  be  limited  to  a  discrete  time  horizon 
(no  more  than  a  12-month  forward  projec¬ 
tion  of  its  production  plans)  mitigated  his 
concerns  about  the  safety  of  his  company’s 
data.  In  the  event  there  was  a  breach,  his 
company’s  risk  would  be  lower  than  if  it 
used  the  hosted  supply  chain  collaboration 
application  for  all  of  its  plans  (which  go  as 
far  as  36  months  out). 

CONSIDERATION  2: 

Reliability 

The  reliability  of  hosted  software  provid¬ 
ers’  systems  is  debatable.  Aberdeen  Group’s 
Enslow  says  current  users  of  hosted  sup- 


www.cio.com  |  SEPTEMEBR  1,  2006  61 


Mid-Market  Supply  Chain 


ply  chain  software  that  she’s  interviewed 
say  it’s  just  as  secure  and  just  as  reliable— if 
not  more  reliable— than  their  internal  sys¬ 
tems.  And  Mark  Koenig,  VP  at  Saugatuck 
Technology,  says  there’s  no  guarantee  that 
an  enterprise  customer  will  be  any  better 
at  running  an  application  internally  than 
a  third  party  “whose  business  it  is  [to  run 
that  application]  and  who’s  invested  heav¬ 
ily  in  being  available  24  by  7  by  365.” 

That  may  be  true,  but  the  service  outages 
that  Salesforce.com  customers  experienced 
in  late  2005  and  early  2006  renewed  the 
focus  on  reliability,  which  was  a  primary 
concern  for  Paul  Rizzo,  PepsiAmericas’ 
director  of  logistics,  when  he  deployed  a 
transportation  management  system  from 
LeanLogistics  in  2002.  To  quell  his  wor¬ 
ries,  his  company’s  IT  and  supply  chain 
groups  piloted  the  system  to  make  sure  it 
provided  the  functionality  and  reliability 
he  was  expecting,  and  that  it  integrated 
well  with  other  systems  inside  Pepsi.  The 
IT  group  also  discussed  with  LeanLogistics 


the  number  of  transactions  its  transporta¬ 
tion  management  system  could  handle 
and  wrote  financial  penalties  into  service- 
level  agreements  in  the  event  of  system 
downtime.  That’s  a  good  thing  because  he 
has  experienced  outages.  Fortunately,  he 
says,  the  outages  are  few  and  far  between 
(he  says  he  can  count  the  number  on  one 
hand),  and  the  one  that  lasted  the  longest 
was  only  a  few  hours,  which  hardly  crip¬ 
pled  his  organization. 

CONSIDERATION  3: 

Integration 

Integration  is  never  a  picnic,  whether  you’re 
deploying  software  in-house  or  using  hosted 
software.  But  the  idea  of  linking  your  inter¬ 
nal  systems  with  a  hosted  system  and  then 
needing  external  business  partners  to  tie  in 
to  that  system  can  seem  particularly  mind- 
boggling  for  some  potential  users  of  hosted 
supply  chain  software.  That  wasn’t  the  case 
for  Peterson,  however.  Integrating  his  ERP 


system  with  Mitrix’s  hosted  supply  chain 
collaboration  system  was  less  of  a  concern 
for  him  for  two  related  reasons.  First,  in  the 
1980s  he  created  a  metadata  repository  that 
identifies  all  of  the  relationships  between 
Kawasaki’s  data  structures,  programs,  and 
jobs  for  online  and  batch  programs.  His  IT 
staff  uses  this  data  repository  when  ana¬ 
lyzing  which  applications  will  need  to  be 
modified  as  a  result  of  any  integration  or 
enhancement  effort.  Once  they’ve  deter¬ 
mined  the  interface  points  between  a  new 
application  and  existing  applications,  they 
use  the  data  repository  to  identify  all  the 
existing  data  structures  and  processes 
that  may  require  changes  to  integrate  with 
a  new  system.  Peterson  knew  he  could  rely 
on  this  resource  to  help  the  integration  pro¬ 
ceed  more  smoothly.  Second,  having  been 
through  a  complicated  integration  proj¬ 
ect  in  1999  that  involved  hooking  up  his 
company’s  back-end  mainframe  systems 
to  a  new  front-end  e-commerce  system,  he 
knew  his  staff  was  up  to  the  task  of  linking 


Living  Laige 

Hosted  supply  chain  software  can  let  mid-market  companies  act  like— and  meet 
the  demands  from— big  companies.  But  there  are  risks. 


CIO:  What  challenges 
do  mid-market  compa¬ 
nies  face  with  respect 
to  managing  their  sup¬ 
ply  chains? 

Aberdeen  Group  SVP 
Beth  Enslow:  Mid-mar¬ 
ket  companies  have  to 
meet  very  demanding 
requirements  from 
larger  customers.  These 
larger  companies  have 
very  specific  mandates 
on  how  they  want  their 
orders  fulfilled,  how 
they  want  them  packed 
and  shipped,  and  what 
kind  of  information 
they  want  about  those 
orders  and  their  status. 


One  of  the  challenges 
mid-market  companies 
face  then  is  that  most  of 
them  don’t  have  the  IT 
infrastructure  to  do  this 
in  an  efficient  manner. 
They  end  up  having  to 
throw  lots  of  people  at 
the  problem. 

What  technologies  can 
help  mid-market  com¬ 
panies  work  with  their 
supply  chain  partners? 

They  need  a  platform  to 
exchange  information 
electronically,  whether 
forecasts,  order  infor¬ 
mation  or  status  infor¬ 
mation,  and  they  need 


to  have  good  visibility 
into  what’s  happening 
with  specific  orders.  If 
you  have  information 
electronically,  not  only 
are  you  reducing  the 
human  cost  involved  in 
sharing  information,  but 
you  can  now  collabo¬ 
rate  at  a  deeper  level 
because  you’re  able  to 
share  a  wider  degree 
of  information.  Shar¬ 
ing  information  elec¬ 
tronically  helps  reduce 
errors  and  perhaps 
most  importantly  helps 
cut  lead  times  so  that 
you  can  deliver  goods 
more  flexibly  and  faster 


to  the  end  customer. 

We  see  mid-market 
companies  becoming 
more  interested  in  on- 
demand  supply  chain 
management  applica¬ 
tions  because  they 
present  a  less  expensive 
and  less  disruptive  way 
for  them  to  access  this 
technology. 

What  do  you  mean  by 
less  disruptive? 

Mid-market  companies 
simply  don’t  have  the 
bodies  available  to  go 
through  a  traditional 
software  evaluation  and 
implementation  pro¬ 


cess  and  then  keep  that 
system  up  to  date.  With 
on-demand  software,  a 
lot  of  that  [implementa¬ 
tion]  work  is  now  done  by 
the  vendor,  which  mini¬ 
mizes  disruptions  to  the 
IT  staff.  For  mid-market 
companies,  on-demand 
has  proven  to  be  a  faster 
way  to  get  solutions  up 
and  running,  the  ROI  is 
faster,  and  you  won’t  find 
yourself  three  or  four 
versions  behind  and  not 
having  access  to  the  new¬ 
est  functionality,  because 
the  vendor  takes  care  of 
that  for  you. 

-M.L. 


62  SEPTEMBER  1,  2006  |  www.cio.com 


ADVERTISEMENT 


EXECUTIVE 

VIEWPOINT 


CIO  EXECUTIVE  VIEWPOINT 

eBilling  means  eBusiness 


Mike  Seashols 
Chairman  of  Avolent 

The  current  business  imperative  is  to  deploy  operations  that  place  the  customer  at 
the  center  of  all  interactions.  The  emphasis  clearly  shifts  to  how  friendly  and  ef¬ 
ficient  processes  are  from  the  customers’  viewpoint.  Interactive,  self-service  elec¬ 
tronic  hilling  and  payment  applications  address  one  of  the  greatest  opportunities  for 
reshaping  a  fundamental  customer  interaction,  turning  the  invoice-to-pay  process 
into  a  customer  service  asset.  Avolent  is  the  leader  in  providing  applications  that 
enable  organizations  to  make  this  transition. 


What  are  electronic  billing  and  pay¬ 
ment,  and  why  are  they  so  important 
to  business? 

The  two  most  influential  business  trans¬ 
formations  happening  today  are  the  shift 
to  an  electronic  business  (eBusiness)  vs. 
paper-based  model,  and  the  need  to  alter 
your  business  perspective  to  a  customer¬ 
centric  model.  Electronic  billing  and 
payment  mean  evolving  away  from  paper 
bills  and  checks  -  and  the  related  cus¬ 
tomer  service  phone  calls  and  interactions 
associated  with  them  -  to  a  convenient 
online  application  that  customers  can  use 
to  complete  any  number  of  transactions, 
according  to  their  own  timetable.  It’s 
important  because  eBilling  and  ePayment 
comprise  the  “last  mile”  of  your  compa¬ 
ny’s  interaction  with  your  customers.  A 
comprehensive  customer-centric  eBilling 
approach  creates  substantial,  real  value. 


to  make  payments  online  and  receive 
their  invoices  via  e-mail.  Likewise,  there 
is  a  substantial  “push”  effect  caused  by 
the  need  for  organizations  to  add  value 
to  their  web  portals,  reduce  costs  and 
improve  their  intimacy  with  their  custom¬ 
ers  by  offering  eBilling.  Moreover,  many 
companies  find  considerable  value  from 
offering  eDisputes  or  self-service  settle¬ 
ment  of  disputes,  since  several  industries 
experience  dispute  interactions  that  are  as 
high  as  30  percent  of  their  initial  billings. 

What  is  the  core  value  proposition  of 
eBilling  and  ePayment? 

Very  few  initiatives  can  deliver  the  kind 
of  value  that  businesses  reap  from  inter¬ 
active  electronic  billing  and  payment. 

The  savings  from  operational  improve¬ 
ments,  such  as  reduced  paper  expense 
and  simplified  processes  that  result  in 


"The  savings  from  operational  improvements, 

such  as  reduced  paper  expense  and  simplified 
processes  that  result  in  decreases  in  staffing, 

often  generate  a  payback  within  12  months." 


Why  is  the  time  right  for  eBilling? 

The  momentum  for  eBusiness  has  been 
accelerating  steadily,  with  most  organi¬ 
zations  having  spent  the  past  few  years 
launching  their  web  portals.  Now  they 
seek  more  value  and  leverage  from  their 
eBusiness  investments.  Customers,  as 
well,  have  been  investing  in  their  own 
electronic  processing  applications,  with 
ePayments  being  a  widespread  initial 
choice.  This  is  creating  a  customer- driven 
“pull”  effect  as  customers  seek  the  ability 


decreases  in  staffing,  often  generate  a 
payback  within  12  months.  Tack  on  the 
benefits  of  accelerated  cash  flow,  in¬ 
creased  revenues  and  enhanced  business 
compliance,  and  it’s  no  wonder  customers 
such  as  Office  Depot  proclaim  eBilling 
one  of  their  top  ROI  projects  for  the  year. 
Companies  improve  the  level  of  customer 
service  and  conveniences  they  provide, 
and  in  doing  so  they  gain  an  important 
advantage  in  acquiring  and  retaining  cus¬ 
tomers  in  today1  s  self-service  economy. 


How  is  Avolent’s  solution  different 
from  other  types  of  electronic  billing? 

When  most  organizations  designed  their 
eBusiness  and  web  portal  strategy,  their 
initial  eBilling  and  ePayment  implemen¬ 
tation  was  typically  based  on  delivering 
an  electronic  version  of  their  paper  bill 
as  a  PDF  document.  While  that  strategy 
has  served  a  purpose  in  helping  to  lower 
operations  costs,  it  has  not  met  a  core 
customer  requirement,  namely  the  ability 
to  receive,  process,  analyze,  dispute  if 
necessary,  and  pay  on  their  own  terms, 
with  their  own  processes  and  on  their  own 
schedule.  That  is  exactly  what  Avolent 
enables:  a  truly  self-service,  interactive 
environment  in  a  convenient,  always- 
available  application. 

For  More  Information: 

Check  out  this  white  paper, 

“Leveraging  the  Internet-based  in¬ 
teractive,  self-service  economy”,  at 
www.cio.com/whitepapers/avolent 

Avolent^ 

www.avolent.com 


Custom  Publishing 


Mid-Market  Supply  Chain 


with  the  third-party  system. 

At  PepsiAmericas,  Rizzo  says  integrating 
his  company’s  existing  inventory  manage¬ 
ment  and  deployment  systems  with  Lean- 
Logistics’  transportation  management 


system  required  just  40  hours  of  two  of 
his  company’s  IT  workers.  “I’ve  done  a  lot 
of  systems  implementations  in  my  career. 
This  was  by  far  and  away  the  easiest  one 
we  ever  did,”  says  Rizzo.  “We  flipped  the 
switch,  the  integration  worked  flawlessly, 
and  we  never  looked  back.”  Had  Pepsi¬ 
Americas  built  its  own  transportation 
management  system  in-house,  its  IT  staff¬ 
ers  would  have  had  to  connect  all  SO  of  its 
carriers  to  the  system  on  their  own. 

CONSIDERATION  4: 

Customization 

If  you  have  any  desire  to  customize  a  supply 
chain  application,  you  should  forget  about 
using  a  hosted  provider.  Customization 
defeats  the  purpose  of  an  on-demand  solu¬ 
tion,  which  is  designed  to  be  one-size-fits-all 
in  order  to  provide  the  vendor  with  the  econ¬ 
omies  of  scale  it  needs  to  keep  its  costs  low 
and  make  upgrades  easy.  “Hosted  solutions 
are  built  to  be  very  configurable,  so  you  can 
have  your  own  role-based  views  and  flex¬ 
ible  user  interface,  but  if  you’re  looking  to  do 
hard-core  customization  of  an  application, 
they  aren’t  a  good  fit,”  says  Enslow. 

Hosted  collaborative  supply  chain  plan¬ 
ning  software  suited  Kawasaki  because  it 
reduces  the  development  time  and  mini¬ 
mizes  the  need  for  customization.  He 
didn’t  see  the  point  of  customizing  what 
he  perceives  as  an  infrastructure  solution. 
“So  much  of  the  supply  chain  is  really  just 
plumbing.  It  doesn’t  have  any  effect  on  what 
you  decide  the  market  is  really  demanding 


and  what  product  you  actually  build,”  he 
says.  “You  can  always  make  an  argument 
that  a  custom  solution  will  let  you  differ¬ 
entiate  yourself  more  from  a  competitive 
standpoint,  but  I  think  it’s  more  important 


to  have  your  design  engineers  coming  up 
with  innovative  product  designs  to  differ¬ 
entiate  yourself  as  opposed  to  tweaking 
your  application  infrastructure.” 

CONSIDERATION  5: 

Compliance  and 
Data  Access 

In  the  post  Sarbanes-Oxley  world,  a  com¬ 
pany’s  ability  to  certify  the  integrity  of  its 
financial  systems  and  the  data  contained 
in  them  is  of  paramount  importance  (if 
you  don’t  want  anyone  to  go  to  jail,  that  is). 
Because  you  don’t  own  the  software  you’re 
using,  executives  see  the  hosted  model  as 
a  risky  proposition  because  they  have  lit¬ 
tle  control  over  the  process  and  timing  of 
upgrades,  and  keeping  documentation  up 
to  date  is  more  difficult.  Saugatuck’s  Koe¬ 
nig  says  chief  compliance  officers  are  par¬ 
ticularly  wary  of  hosted  software  because 
they’re  the  ones  who  are  on  the  hook  for 
the  integrity  of  the  systems  used  by  their 
company,  regardless  of  who  is  supplying 
those  systems. 

So  if  you’re  using  hosted  software,  you 
have  to  make  sure  your  vendor  can  vouch 
for  the  integrity  of  its  systems  because  if 
your  company  or  your  vendor  comes  under 
attack  by  the  Securities  and  Exchange 
Commission,  there’s  going  to  be  a  lot  of 
finger-pointing,  and  you  need  to  do  your 
due  diligence  before  that  happens.  Ensure 
ahead  of  time  that  you  can  get  access  to 
your  data  in  the  event  you  need  to  for  legal 
reasons  or  if  your  vendor  goes  belly  up. 


Data  access  was  critical  for  Rizzo,  who 
contracted  with  LeanLogistics  while  the 
transportation  management  software 
provider  was  still  a  relative  newcomer. 
Rizzo  wasn’t  so  much  worried  about  Sar- 
banes-Oxley,  which  wasn’t  yet  law  when 
he  implemented,  as  he  was  concerned 
about  LeanLogistics’  longevity.  Since  his 
company’s  contracted  rates  with  its  50 
transportation  providers  are  stored  in 
LeanLogistics’  transportation  manage¬ 
ment  system,  he  didn’t  want  to  have  to  re¬ 
create  from  scratch  all  of  those  nuanced 
contracts  if  LeanLogistics  went  under,  so 
he  made  sure  he’d  be  able  to  get  that  infor¬ 
mation  in  a  flat  file  from  LeanLogistics  by 
writing  it  into  PepsiAmericas’  contract 
with  the  vendor. 

So  Far,  So  Good 

Aside  from  a  few  outages,  only  good  things 
have  come  from  PepsiAmericas’  partner¬ 
ship  with  LeanLogistics.  Rizzo  says  his 
company  has  saved  money  on  staffing  in  its 
accounts  payable  department  because  the 
transportation  management  system  also 
pays  invoices  automatically,  electronically. 
He  says  dispatchers  are  more  productive 
because  the  system  relieves  them  of  mun¬ 
dane  tasks  like  identifying  which  trans¬ 
portation  provider  can  bring  a  truckload 
of  Pepsi  cans  to  a  particular  warehouse  on 
a  particular  day.  The  hosted  system  has 
reduced  such  “nonvalue  added”  work  by 
as  much  as  15  percent,  he  says. 

As  for  the  business  benefits  Kawasaki  is 
seeing  from  using  Mitrix’s  hosted  supply 
chain  collaboration  application,  Peterson 
says,  it’s  too  early  to  tell  (at  the  time  this 
story  was  reported,  Kawasaki  had  just 
started  deploying  the  software),  but  he’s 
hopeful  that  next  spring  the  water  scooters 
won’t  start  arriving  until  after  the  snow 
has  stopped.  GQ 


Senior  Writer  Meridith  Levinson  can  be  reached 
at  mlevinson@cio.com. 


Hosting  Goes  Mainstream 


To  read  highlights  from  Aberdeen  Group’s 
2006  survey,  THE  ON-DEMAND  TIPPING 
POINT  IN  SUPPLY  CHAIN,  go  online  to 
www.cio.com/090106. 

cio.com 


I  HAD  TO  WRESTLE  WITH  THE 
CONCERN  about  putting oursupply 
chain  application  out  with  a  third  party 
overthe  Internet.  That’sourfamily  jewels.” 

-Roger  Peterson,  VP  of  IS,  Kawasaki  Motors  Corp.  USA 


64  SEPTEMBER  1,  2006  |  www.cio.com 


Itfs  OK  to  show  off  to  your  friends 
that  you  were  in  CIO. 


But  it’s  even  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  customers 
of  your  editorial  coverage  in  CIO  than  through 
customized  Editorial  Reprints? 


% 


Leverage  the  positive  impact  of  your  editorial 
coverage  by  using  reprints  for  direct  mail 
campaigns,  seminar  promotions,  employee 
communications,  recruiting  and  marketing 
programs.  Let  us  enhance  your  reprints  with  your  company’s 
logo,  address,  and  sales  message.  Reprints  make  great  SALES  tools 
for  trade  shows,  mailings  or  media  kits. 


And  while  a  framed  copy  of  your 
article  will  look  neat  on  your  wall,  it 
will  look  even  better  in  the  hands  of 
your  customers. 


Business  Technology  Leadership 


p  Ars 


■  Ancillary  ||  jgjgjn 

Revenue  H  S 

Services  H  L.-; 

[INTERNATIONAL  CORP.  I 

[managed  reprint  programs  I 


For  more  information  on  customized  editorial  reprints  in  volume  quantities, 
contact  Jennifer  Eclipse  at  212.221.9595  x237  or  email  jeclipse@parsintl.com. 
Website:  www.magreprints.com/quickquote.asp 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 
President  and  CEO 

Michael  Friedenberg 
508  935-4310 
Publisher 
Gary  J.  Beach 
508  935-4202 

EAST  COAST 

VP  Sales,  East 

Bob  Bragdon 
508  935-4443 

Regional  Sales  Manager 

Ellie  St.  Louis 
201634-2332 

Senior  Sales  Associate 

Norma  Tamburrino 
201634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  District  Sales  Manager 

Andrew  Haney 
508  935-4586 
Sales  Operations  Manager 

Dawn  Cora 
508  935-4092 
Fax  •  508  879-6063 

NORTH  CENTRAL 

Regional  Sales  Manager, 
Southwest 

Beth  DeVillez 
847  759-2727 

Advertising  Sales  Associate 

Kim  Giovanni 
847  759-2728 
Fax  •  847  759-2729 


WEST  COAST 

VP  Sales,  West 

Bob  Melk  •  415  975-2685 

Senior  Regional  Sales  Manager 

Ai  Collins  *415  975-2686 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 
Account  Executive 
Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 
Senior  Account  Executive 
Sara  Mascall  •  415  978-3385 
Ad  Sales  Associate 
Devon  Slattery  •  415  975-2687 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

ONLINE  SERVICES 
VP,  Online  Sales 

Jim  Alla  *508  988-6763 

Online  Account  Executive 

Danielle  Tetreault 
508  988-7969 

Online  Client  Services 
Specialist 

Valerie  Sumner  •  508  988-7877 


CUSTOM 
PUBLISHING 
VP,  Integrated  Media 

Matt  Avery  •  508  935-4796 

Director  of  Sales 

Mary  Gregory  •  508  988-6765 

Executive  Editor  and 
Director  of  Operations 

Tom  Field 

Director,  Integrated 
Project  Management 

Mo  Barrett 

Managing  Editor 

Jim  Malone 

Senior  Project  Manager 

Amy  Greenleaf 
Project  Managers 

Karen  Capland, 

Jon  Heinrich 

LIST  SERVICES 

Contact  Paul  Capone  of  IDG  List 
Services  at  508  370-0865  or 
pcapone@idglist.com. 

REPRINT  SERVICES 

For  article  reprints  (100  quan¬ 
tity  or  more),  please  contact 
Jennifer  Eclipse  at  PARS 
International  at  212  221-9595 
x237  or  via  e-mail  at  jeclipse@ 
parsintl.com. 


CIO  is  published  in  the 
U.S.  as  well  as  in: 
Australia,  CIO  Australia 


www.idg.com.au 
Canada,  CIO  Canada 
cio.  itworldcanada.com 
China,  CEO  &  CIO  China 
www.ceocio.com.cn 
France,  CIO  France 
www.idg.fr/cio 
Germany,  CIO  Germany 
www.cio.de 
India,  CIO  India 
91-80-521-0309/12 
Japan,  CIO  Japan 
www.idg.co.jp 
The  Netherlands, 

CIO  Netherlands 
www.cio.nl 

New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 

Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland 
www.cxo.pl 

Singapore,  CIO  ACEN/ 
Hong-Kong  www.idg.com.sg 
South  Korea,  CIO  Korea 
www.cio.seoul.kr 
Sweden,  CIO  Sweden 
www.cio.idg.se 

For  further  sales  information: 

www2.cio.com/marketing/ 

aboutcio/contacts.cfm 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention.  This  index  is 
provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

Aberdeen  Group  Inc . 60 

Advanced  Micro  Devices  Inc . 15 

American  Power  Conversion  Corp . 15 

Bank  of  New  York  Inc.,  The . 15 

Boston  Consulting  Group  Inc.,  The . 15 

Cafd  Enterprises . 15 

Citigroup . 15 

CNA  Financial  Corp . 40 

Computer  Sciences  Corp . 15 

Dykema  Gossett  PLLC . 23 

ESP  Systems  LLC . 15 

General  Motors  Corp . 40 

Google  Inc . 23 

Harrah’s  Entertainment  Inc . 40 

Harvey  Nash  Group  PLC . 40 

Hudson  Highland  Group  Inc . 40 

Jets  International . 23 

Juniper  Networks  Inc . 40 

JupiterResearch . 15 

Kawasaki  Motors  Corp.,  USA . 60 

Macehiter  Ward-Dutton . 15 

Microsoft  Corp . 23 


Mississippi  Power . 15 

Northwestern  Mutual 

Life  Insurance  Co.,  The . 40 

Penske  Corp . 40 

PepsiAmericas  Inc . 60 

Phoenix  Technologies  Ltd . 23 

Robert  Half  International . 40 

Saugatuck  Technology  Inc . 60 

Skanska . 40 

Standish  Group 

International  Inc.,  The . 28 

TriWest  Healthcare  Alliance . 56 

ADVERTISER  INDEX 

Avaya  Inc . 17 

Avolent  Inc . 63 

Cingular  Wireless . 45 

Citrix  Systems  Inc . 19 

Compuware  Corp . 13 

CXO  Media  Inc .  29,  65, 67 

Dell  Inc . 2 

EMC2  Corp . 31 

Fujitsu  Computer  Systems  Corp . 39 


Hewlett-Packard  Co.  (regional) . 33 

IBM  Corp . C2 

Informatica  Corp . 35 

Intel  Corp . 50, 59 

InterSystems  Corp . 22 

ISACA . C3 

Microsoft  Corp . 25,  55 

MRO  Software  Inc . 21 

Orange  Business  Services .  27 

Pillar  Data  Systems . 9 

Primavera  Systems  Inc . 49 

Protiviti  Inc .  11 

Right  Now  Technologies .  7 

SAS . 14 

SunGard  Availability  Services . 53 

Sybase . 4 

Symantec  Corp . C4 

Tata  Consultancy  Services  Ltd . 47 

Toshiba  America 

Information  Systems  Inc . 28a 

webMethods  Inc .  37 


CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and 
Business  Offices:  CXO  Media 
Inc.,  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (ISSN  0894-9301)  is  pub¬ 
lished  semimonthly  and  as  a 
combined  issue  Dec.  15/Jan.  1  by 
CXO  Media  Inc.  Periodicals  post¬ 
age  paid  at  Framingham,  MA,  and 
at  additional  mailing  offices.  Can¬ 
ada  Publications  Mail  Agreement 
Number  1902075.  CANADIAN 
POSTMASTER:  Please  return 
undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2006 
by  CXO  Media  Inc.  All  rights 
reserved.  Reproduction  of 
material  appearing  in  CIO 
is  forbidden  without  written 
permission.  Send  all  requests 
to  Yadira  Pizarro,  PARS  Interna¬ 
tional,  212  221-9595,  Ext.  231, 
oryadira@parsintl.com. 

Photocopy  Rights:  Permission 
to  photocopy  for  internal  or 
personal  use  or  the  internal  or 
personal  use  of  specific  clients  is 
granted  by  CIO  for  users  through 
the  Copyright  Clearance  Center, 
provided  that  the  base  fee  of  $3 
per  copy  of  the  article,  plus  $.50 
per  page  is  paid  directly  to  Copy¬ 
right  Clearance  Center,  27  Con¬ 
gress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does 
not  extend  to  contributed  articles 
followed  by  this  symbol:  f. 

Subscriptions:  CIO  is  free  to 
qualified  information  executives. 
To  apply,  use  our  online  subscrip¬ 
tion  form  at  www. subscribe. 
cio.com.  Subscriptions  are  also 
available  on  a  paid  basis  at  a 
rate  of  $95  for  the  United  States 
and  Canada,  $195  International 
(payable  in  U.S.  funds  only)  and 
may  be  ordered  online  at  www. 
subscribe.cio.com/services. 
html.  Or  address  inquiries  to 
CIO,  P.O.  Box  489,  Northbrook, 

IL  60065-0489;  866  354-1125. 
Please  allow  four  to  six  weeks  for 
a  new  subscription  to  begin.  The 
single  copy  price  is  $9  for  the 
United  States  and  Canada,  and 
$15  International.  Prepayment  is 
required,  payable  in  U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio 
and  follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  CIO,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 
Printed  in  the  U.S. A. 


66  SEPTEMBER  1,  2006  |  www.cio.com 


cal  I  for  entries 


We’re  looking  for  the 
next  generation  of 
standout  IT  leaders. 


Nominees  should 
currently  be  top  IT 
lieutenants— but  not 
yet  full-fledged  CIOs. 

Watch  for  the  application  to  appear 
online  at  www.cio.com/awards/watch. 


Candidates  will  be 
nominated  by  their  CIO  based 
upon  the  characteristics 
identified  in  the  application  at 
www.cio.com/awards/watch. 
Candidates  may  also  nominate 
themselves  or  be  nominated 
by  another,  but  all  nominations 
must  be  endorsed  by  a  CIO. 

A  panel  of  leading  CIOs  will 
judge  the  nominees  and 
choose  the  winners,  who  will 
be  featured  in  a  special 
May  2007  issue  of  CIO. 


Presented  by  CIO  magazine  and  the  CIO  Executive  Council. 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


Winners  will  also  be 
honored  at  the  third  annual 

CIO  Leadership  Conference 

to  take  place  May  2007. 

We  will  accept 
nominations  from  Sept.  1 
through  Nov.  15.  For  more  about 
this  prestigious  award,  go  to 

www.cio.com/awards. 


Business 

Technology 

Leadership 


REAL-LIFE  I  .T.  AWARDS 


And  the  Winner  Is... 

Recognizingthe  small  victories  that  make  it  all  worthwhile 


$ nMTV* 


ACTORS  HARDLY  LACK  for  opportuni¬ 
ties  to  win  awards.  Stagger  in  front  of  a 
camera  and  you're  immediately  eligible 
for  everything  from  the  Oscars  to  the 
Pensacola  Film  Critics  Circle  Silver  Peli¬ 
cans.  For  IT  folk,  however,  tuxedo  season 
begins  and  ends  with  the  CIO  100  Awards, 
which  were  handed  out  late  last  month. 

But  since  one's  credenza  can 
never  boast  too  much  Lucite,  here’s 
a  list  of  awards  that  laborers  in  the 
field  of  IT  deserve  but  no  one— until 
now— has  thought  to  dole  out. 

Best  Help  Desk  Response 
to  an  Executive  with  Anger 
Management  Issues 
winner:  Charlene  Mellowhead, 

Support  Specialist,  Faversham 
&  Faversham  Consulting 
"Dear  Bob:  I’m  putting  a  Xanax 
in  the  interoffice  mail  right  now. 

Call  me  back  when  it  kicks  in.” 

Best  Excuse  for  Missing  a 
Vendor  Meeting 
winner:  Josh  Budgetson,  CIO, 

North,  East  and  West  Freight  Lines 

"I  was  in  with  the  CEO  reviewing  our  plan 
to  cut  our  IT  spend  by  80  percent  next 
year.  But  let’s  re-sked  and  we  can  talk 
about  your  new  pricing  structure  then.” 

The  Ethan  Hunt 
“Mission:  Impossible”  Award 
winner:  Jennifer  Nerveless,  Network 
Support  Specialist,  Burger  Kingdom 

For  successfully  identifying  and  yank¬ 
ing  from  a  tangle  of  268  unlabeled 


cables  the  dark  green  Ethernet  link 
connected  to  the  dead  server— and 
not  the  lime  green  one  supporting 
the  whole  company’s  VOIP  service. 

Most  Trouble-Free  RFID 

Implementation 

winner:  Snazzy  Packaged  Goods 

“We  used  a  phenomenal  new  technol¬ 
ogy  called  printed  barcodes  for  tracking 
purposes,”  says  RFID  team  leader,  Maria 
Practicali.  “They’re  1/100  the  price  of 
RFID  tags,  and  much  more  reliable.” 

Fastest  Response  to  an 
Emergency  Page  on 
Saturday  Night  at  11:44  p.m. 
winner:  Nick  Insomniotis,  SysAdmin, 
Alliance  Power  Systems  (18  seconds) 
“The  trick  is  never  leaving  the  office,” 
says  Insomniotis.  "My  futon  fits  perfectly 
on  the  floor  of  the  telecom  closet.” 

Best  E-Mailed  Outage  Alert 
winner:  Eric  Middleman,  Network  Man¬ 
ager,  Money  Pit  Financial  Advisors 

"Web  access  will  be  unavailable  from  9:30 
a.m.  to  10:30  a.m.  for  a  firewall  upgrade. 
Here’s  a  crazy  idea:  What  if  you  stopped 
surfing  Gawker  and  CBS  SportsLine 
and  tried  doing  some  actual  work?” 

Slickest  Project  Management  Spin 
winner:  Fred  Silvertonsils,  Worldwide 
Global  Express  Shipping  &  Logistics 

After  blowing  by  three  deadlines  for 
launching  a  new  online  customer 
service  module,  he  redefined  those 
deadlines  as  "Pre-Alpha  Internal  Test 


Period,”  "Feedback  Gathering"  and 
"Feedback  Assimilation.”  Beta  launch 
is  now  slated  for  September  2007. 

Best  Performance  at  a 
Panel  Discussion 
winner:  Shelly  Shrewdski,  CIO, 

Our  House  Mortgage  Lenders 

Sitting  between  EVPs  from  SAP  and 
Microsoft,  Shrewdski  said  that  “propri¬ 
etary  software  is  the  dinosaur  trapped  in 
the  open  source  tar  pit.”  (Shrewdski,  coin¬ 
cidentally,  is  in  the  midst  of  contract  nego¬ 
tiations  with  both  SAP  and  Microsoft.) 

Coolest  Use  of  a  BlackBerry 
During  a  Cocktail  Party 

No  winners  in  this  category  this  year.  To 
all  those  who  entered,  better  luck  in  2007. 


■ 


68  SEPTEMBER  1,  2006  |  www.cio.com 


ILLUSTRATION  BY  RICHARD  BORGE 


Bridging  the  gap  between  control 

REQUIREMENTS,  TECHNICAL  ISSUES  AND  BUSINESS  RISKS 


Successful  organizations  understand  the  benefits  of  information  technology 
(IT)  and  use  this  knowledge  to  drive  their  shareholders’  value.  They  recognize 
the  critical  dependence  of  many  business  processes  on  IT,  the  need  to  comply 
with  increasing  regulatory  compliance  demands  and  the  benefits  of  managing 
risk  effectively.  To  aid  organizations  in  successfully  meeting  today’s  business 
challenges,  the  IT  Governance  Institute®  (ITGI)  has  published  version  4.0  of 
Control  Objectives  for  Information  and  related  Technology  (CobiT®). 


CobiT  4.0  marks  the  first  major 
update  of  the  Control  Objectives 
for  Information  and  related 
Technology  (CobiT®)  core 
content  since  the  release  of 
CobiT  3rd  Edition  in  2000. 

The  new >  CobiT  volume  consists 
of  four  sections: 


CobiT  is  an  IT  governance  framework  and  supporting  toolset  that  allows 
managers  to  bridge  the  gap  between  control  requirements,  technical  issues 
and  business  risks.  CobiT  enables  clear  policy  development  and  good 
practice  for  IT  control  throughout  organizations.  ITGI’s  latest  version- 
CobiT®  4.0-emphasizes  regulatory  compliance,  helps  organizations  to 
increase  the  value  attained  from  IT,  enables  alignment  and  simplifies 
implementation  of  the  CobiT  framework. 


Additional  information  about  CobiT  4.0  is  available  at  www.isaca.org/cobit. 

The  publication  can  be  downloaded  for  no  charge  on  the  web  site.  CobiT  4.0  can  also  be 
purchased  at  www.isaca.org/bookstore,  along  with  other  valuable  CobiT  products. 

A  complete  version  of  the  COBIT  4.0  framework  card  that  includes  the  overall  framework, 
goals  and  processes  tables,  mapping  chart  and  COBIT  product  diagram/descriptions  is 
available.  To  obtain  your  free  copy  of  the  COBIT  4.0  laminated  card,  simply  complete  the 
form  located  at  www.isaca.org/cobitcard. 


•  The  executive  overview 

•  The  framework 

•  The  core  content  (control 
objectives,  management 
guidelines  and  maturity 
models) 

•  Appendices  (mappings  and 
cross-references,  additional 
maturity  model  information, 
reference  material,  a  project 
description  and  a  glossary) 


4T 

Governance 

INSTITUTE' 

Lea  ding  the  IT  G  overs a  nce  Com  mi  wry 


I 


Master  complexity 


Whatever  is  in  your  data  center,  Symantec  puts  you  in  control.  That’s  the  promise  behind  the  Symantec 
Data  Center  Foundation.  Thanks  to  the  Veritas  cross-platform  heritage,  this  integrated  software  infrastructure 
solution  supports  virtually  every  major  operating  system,  database,  application  and  storage  hardware  asset 
in  your  data  center.  It’s  reduced  complexity.  It’s  comprehensive  protection.  It’s  the  smartest  move  you  can 
make.  Tour  the  Symantec  Data  Center  Foundation  at  www.symantec.com/datacenter 


Symantec 


©  2006  Symantec  Corporation.  All  rights  reserved.  Symantec  and  the 
Symantec  Logo  are  registered  trademarks  of  Symantec  Corporation. 


t;:i::i;:!!:i::|i'J  ol'if||::i:  l-'l  I 

l<IIIEIEI!!flll!l!i!l!l!lt! 


IISIII!I!IIIII!I*I*I*I!I 


